perf: 删除无效代码;修改变量命名;减少内存分配
This commit is contained in:
luwenpeng
@@ -57,6 +57,7 @@ cmake3 -DCMAKE_CXX_FLAGS=$CXX_FLAGS \
|
|||||||
-DVERSION_DAILY_BUILD=$TESTING_VERSION_BUILD \
|
-DVERSION_DAILY_BUILD=$TESTING_VERSION_BUILD \
|
||||||
..
|
..
|
||||||
make -j 4
|
make -j 4
|
||||||
|
make test
|
||||||
|
|
||||||
if [ -n "${PACKAGE}" ]; then
|
if [ -n "${PACKAGE}" ]; then
|
||||||
make package
|
make package
|
||||||
|
|||||||
@@ -99,7 +99,9 @@ int packet_get_outermost_two_tuple(const struct packet *handler, struct two_tupl
|
|||||||
const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type);
|
const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type);
|
||||||
const struct layer_record *packet_get_outermost_layer(const struct packet *handler, enum layer_type type);
|
const struct layer_record *packet_get_outermost_layer(const struct packet *handler, enum layer_type type);
|
||||||
|
|
||||||
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int dir_is_i2e);
|
// direction 1: E2I
|
||||||
|
// direction 0: I2E
|
||||||
|
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int direction);
|
||||||
|
|
||||||
#ifdef __cpluscplus
|
#ifdef __cpluscplus
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -13,9 +13,8 @@ extern "C"
|
|||||||
#define LOG_TAG_PKTIO "PACKET_IO"
|
#define LOG_TAG_PKTIO "PACKET_IO"
|
||||||
#define LOG_TAG_RAWPKT "DATA_PACKET"
|
#define LOG_TAG_RAWPKT "DATA_PACKET"
|
||||||
#define LOG_TAG_CTRLPKT "CTRL_PACKET"
|
#define LOG_TAG_CTRLPKT "CTRL_PACKET"
|
||||||
#define LOG_TAG_METRICS "G_METRICS"
|
#define LOG_TAG_SFMETRICS "SF_METRICS"
|
||||||
#define LOG_TAG_SF_METRICS "SF_METRICS"
|
#define LOG_TAG_SFSTATUS "SF_STATUS"
|
||||||
#define LOG_TAG_SF_STATUS "SF_STATUS"
|
|
||||||
#define LOG_TAG_UTILS "UTILS"
|
#define LOG_TAG_UTILS "UTILS"
|
||||||
#define LOG_TAG_HEALTH_CHECK "HEALTH_CHECK"
|
#define LOG_TAG_HEALTH_CHECK "HEALTH_CHECK"
|
||||||
#define LOG_TAG_TIMESTAMP "TIMESTAMP"
|
#define LOG_TAG_TIMESTAMP "TIMESTAMP"
|
||||||
@@ -66,7 +65,6 @@ struct sids
|
|||||||
sid_t elems[MR_SID_LIST_MAXLEN];
|
sid_t elems[MR_SID_LIST_MAXLEN];
|
||||||
};
|
};
|
||||||
|
|
||||||
void sids_write_once(struct sids *dst, struct sids *src);
|
|
||||||
void sids_copy(struct sids *dst, struct sids *src);
|
void sids_copy(struct sids *dst, struct sids *src);
|
||||||
|
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
@@ -79,7 +77,6 @@ struct route_ctx
|
|||||||
int len;
|
int len;
|
||||||
};
|
};
|
||||||
|
|
||||||
void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src);
|
|
||||||
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src);
|
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src);
|
||||||
|
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
|
|||||||
@@ -1175,7 +1175,9 @@ const struct layer_record *packet_get_outermost_layer(const struct packet *handl
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int dir_is_i2e)
|
// direction 1: E2I
|
||||||
|
// direction 0: I2E
|
||||||
|
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int direction)
|
||||||
{
|
{
|
||||||
uint64_t temp = 0;
|
uint64_t temp = 0;
|
||||||
uint64_t hash_value = 1;
|
uint64_t hash_value = 1;
|
||||||
@@ -1216,23 +1218,27 @@ uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method,
|
|||||||
switch (method)
|
switch (method)
|
||||||
{
|
{
|
||||||
case LDBC_METHOD_HASH_INT_IP:
|
case LDBC_METHOD_HASH_INT_IP:
|
||||||
if (dir_is_i2e)
|
if (direction)
|
||||||
{
|
{
|
||||||
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
// direction 1: E2I
|
||||||
|
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
// direction 0: I2E
|
||||||
|
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case LDBC_METHOD_HASH_EXT_IP:
|
case LDBC_METHOD_HASH_EXT_IP:
|
||||||
if (dir_is_i2e)
|
if (direction)
|
||||||
{
|
{
|
||||||
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
// direction 1: E2I
|
||||||
|
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
// direction 0: I2E
|
||||||
|
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case LDBC_METHOD_HASH_INT_IP_AND_EXT_IP:
|
case LDBC_METHOD_HASH_INT_IP_AND_EXT_IP:
|
||||||
@@ -1241,23 +1247,27 @@ uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method,
|
|||||||
hash_value = hash_value ^ temp;
|
hash_value = hash_value ^ temp;
|
||||||
break;
|
break;
|
||||||
case LDBC_METHOD_HASH_INNERMOST_INT_IP:
|
case LDBC_METHOD_HASH_INNERMOST_INT_IP:
|
||||||
if (dir_is_i2e)
|
if (direction)
|
||||||
{
|
{
|
||||||
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
// direction 1: E2I
|
||||||
|
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
// direction 0: I2E
|
||||||
|
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
|
case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
|
||||||
if (dir_is_i2e)
|
if (direction)
|
||||||
{
|
{
|
||||||
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
// direction 1: E2I
|
||||||
|
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
// direction 0: I2E
|
||||||
|
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@@ -1268,7 +1278,7 @@ uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method,
|
|||||||
char *inner_addr_str = two_tuple_tostring(&inner_addr);
|
char *inner_addr_str = two_tuple_tostring(&inner_addr);
|
||||||
char *outer_addr_str = two_tuple_tostring(&outer_addr);
|
char *outer_addr_str = two_tuple_tostring(&outer_addr);
|
||||||
printf("%s: outer_addr: %s, inner_addr: %s, dir: %s, hash_method: %s, hash_value: %lu\n",
|
printf("%s: outer_addr: %s, inner_addr: %s, dir: %s, hash_method: %s, hash_value: %lu\n",
|
||||||
LOG_PACKET, outer_addr_str, inner_addr_str, (dir_is_i2e ? "I2E" : "E2I"), ldbc_method_tostring(method), hash_value);
|
LOG_PACKET, outer_addr_str, inner_addr_str, (direction ? "E2I" : "I2E"), ldbc_method_tostring(method), hash_value);
|
||||||
free(inner_addr_str);
|
free(inner_addr_str);
|
||||||
free(outer_addr_str);
|
free(outer_addr_str);
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -102,17 +102,6 @@ int mutable_array_index_elem(struct mutable_array *array, int index)
|
|||||||
* sids
|
* sids
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
void sids_write_once(struct sids *dst, struct sids *src)
|
|
||||||
{
|
|
||||||
if (dst && src)
|
|
||||||
{
|
|
||||||
if (dst->num == 0 && src->num > 0)
|
|
||||||
{
|
|
||||||
sids_copy(dst, src);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void sids_copy(struct sids *dst, struct sids *src)
|
void sids_copy(struct sids *dst, struct sids *src)
|
||||||
{
|
{
|
||||||
if (dst && src)
|
if (dst && src)
|
||||||
@@ -126,17 +115,6 @@ void sids_copy(struct sids *dst, struct sids *src)
|
|||||||
* route_ctx
|
* route_ctx
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src)
|
|
||||||
{
|
|
||||||
if (dst && src)
|
|
||||||
{
|
|
||||||
if (dst->len == 0)
|
|
||||||
{
|
|
||||||
route_ctx_copy(dst, src);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src)
|
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src)
|
||||||
{
|
{
|
||||||
memcpy(dst->data, src->data, src->len);
|
memcpy(dst->data, src->data, src->len);
|
||||||
|
|||||||
@@ -14,6 +14,14 @@ add_executable(gtest_control_packet gtest_control_packet.cpp)
|
|||||||
target_include_directories(gtest_control_packet PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
|
target_include_directories(gtest_control_packet PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
|
||||||
target_link_libraries(gtest_control_packet common gtest)
|
target_link_libraries(gtest_control_packet common gtest)
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# gtest_packet
|
||||||
|
###############################################################################
|
||||||
|
|
||||||
|
add_executable(gtest_packet gtest_packet.cpp)
|
||||||
|
target_include_directories(gtest_packet PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
|
||||||
|
target_link_libraries(gtest_packet common gtest)
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# gtest_utils
|
# gtest_utils
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@@ -37,5 +45,6 @@ target_link_libraries(gtest_health_check_table common gtest platform)
|
|||||||
include(GoogleTest)
|
include(GoogleTest)
|
||||||
gtest_discover_tests(gtest_session_table)
|
gtest_discover_tests(gtest_session_table)
|
||||||
gtest_discover_tests(gtest_control_packet)
|
gtest_discover_tests(gtest_control_packet)
|
||||||
|
gtest_discover_tests(gtest_packet)
|
||||||
gtest_discover_tests(gtest_utils)
|
gtest_discover_tests(gtest_utils)
|
||||||
gtest_discover_tests(gtest_health_check_table)
|
gtest_discover_tests(gtest_health_check_table)
|
||||||
|
|||||||
@@ -146,6 +146,7 @@ TEST(HEALTH_CHECK_TABLE, SET_STATUS)
|
|||||||
EXPECT_TRUE(health_check_session_del(session_id3, 3) == 0);
|
EXPECT_TRUE(health_check_session_del(session_id3, 3) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if 0
|
||||||
TEST(HEALTH_CHECK_TABLE, DELETE)
|
TEST(HEALTH_CHECK_TABLE, DELETE)
|
||||||
{
|
{
|
||||||
uint64_t session_id1 = 0;
|
uint64_t session_id1 = 0;
|
||||||
@@ -194,6 +195,7 @@ TEST(HEALTH_CHECK_TABLE, DELETE)
|
|||||||
EXPECT_TRUE(health_check_session_del(session_id6, 6) == 0);
|
EXPECT_TRUE(health_check_session_del(session_id6, 6) == 0);
|
||||||
EXPECT_TRUE(health_check_session_del(session_id6, 6) == -1);
|
EXPECT_TRUE(health_check_session_del(session_id6, 6) == -1);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int main(int argc, char **argv)
|
int main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
|
|||||||
2545
common/test/gtest_packet.cpp
Normal file
2545
common/test/gtest_packet.cpp
Normal file
File diff suppressed because it is too large
Load Diff
@@ -41,34 +41,14 @@ TEST(UTILS, SIDS)
|
|||||||
struct sids src;
|
struct sids src;
|
||||||
struct sids dst;
|
struct sids dst;
|
||||||
|
|
||||||
// set src
|
|
||||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
||||||
{
|
{
|
||||||
src.elems[i] = i;
|
src.elems[i] = i;
|
||||||
}
|
}
|
||||||
src.num = MR_SID_LIST_MAXLEN;
|
src.num = MR_SID_LIST_MAXLEN;
|
||||||
|
|
||||||
// copy src to dst
|
sids_copy(&dst, &src);
|
||||||
memset(&dst, 0, sizeof(struct sids));
|
|
||||||
sids_write_once(&dst, &src);
|
|
||||||
|
|
||||||
// check dst
|
|
||||||
EXPECT_TRUE(dst.num == src.num);
|
|
||||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
|
||||||
{
|
|
||||||
EXPECT_TRUE(dst.elems[i] == i);
|
|
||||||
}
|
|
||||||
|
|
||||||
// update src
|
|
||||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
|
||||||
{
|
|
||||||
src.elems[i] = i * 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
// copy src to dst
|
|
||||||
sids_write_once(&dst, &src);
|
|
||||||
|
|
||||||
// check dst
|
|
||||||
EXPECT_TRUE(dst.num == src.num);
|
EXPECT_TRUE(dst.num == src.num);
|
||||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -112,16 +112,10 @@ struct selected_chaining
|
|||||||
char *session_addr;
|
char *session_addr;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct selected_chainings
|
const char *traffic_type_tostring(enum traffic_type traffic_type);
|
||||||
{
|
const char *forward_type_tostring(enum forward_type forward_type);
|
||||||
struct selected_chaining *chaining_raw;
|
const char *action_desc_tostring(enum action_desc action_desc);
|
||||||
struct selected_chaining *chaining_decrypted;
|
const char *encapsulate_method_tostring(enum encapsulate_method encap_method);
|
||||||
};
|
|
||||||
|
|
||||||
const char *traffic_type_to_string(enum traffic_type traffic_type);
|
|
||||||
const char *forward_type_to_string(enum forward_type forward_type);
|
|
||||||
const char *action_desc_to_string(enum action_desc action_desc);
|
|
||||||
const char *encapsulate_method_to_string(enum encapsulate_method encap_method);
|
|
||||||
|
|
||||||
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr);
|
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr);
|
||||||
void selected_chaining_destory(struct selected_chaining *chaining);
|
void selected_chaining_destory(struct selected_chaining *chaining);
|
||||||
@@ -131,14 +125,16 @@ void selected_chaining_uniq(struct selected_chaining *chaining);
|
|||||||
|
|
||||||
// return NULL : error
|
// return NULL : error
|
||||||
// return !NULL : success
|
// return !NULL : success
|
||||||
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
|
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num);
|
||||||
void policy_enforcer_destory(struct policy_enforcer *enforcer);
|
void policy_enforcer_destory(struct policy_enforcer *enforcer);
|
||||||
|
|
||||||
// return 0 : success
|
// return 0 : success
|
||||||
// return -1 : error
|
// return -1 : error
|
||||||
int policy_enforcer_register(struct policy_enforcer *enforcer);
|
int policy_enforcer_register(struct policy_enforcer *enforcer);
|
||||||
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
|
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
|
||||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int dir_is_i2e);
|
// direction 1: E2I
|
||||||
|
// direction 0: I2E
|
||||||
|
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int direction);
|
||||||
|
|
||||||
#ifdef __cpluscplus
|
#ifdef __cpluscplus
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -49,11 +49,11 @@ struct metadata
|
|||||||
uint64_t session_id;
|
uint64_t session_id;
|
||||||
uint32_t rehash_index;
|
uint32_t rehash_index;
|
||||||
|
|
||||||
char *raw_data;
|
char *raw_data; // refer to current packet data
|
||||||
int raw_len;
|
int raw_len;
|
||||||
uint16_t l7offset;
|
uint16_t l7offset;
|
||||||
|
|
||||||
int is_e2i_dir;
|
int direction; // 1: E2I; 0: I2E
|
||||||
int is_ctrl_pkt;
|
int is_ctrl_pkt;
|
||||||
int is_decrypted;
|
int is_decrypted;
|
||||||
|
|
||||||
@@ -61,11 +61,10 @@ struct metadata
|
|||||||
struct route_ctx route_ctx;
|
struct route_ctx route_ctx;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct metadata *metadata_new();
|
int metadata_isempty(struct metadata *meta);
|
||||||
int metadata_is_empty(struct metadata *meta);
|
void metadata_copy(struct metadata *dst, struct metadata *src);
|
||||||
void metadata_shallow_copy(struct metadata *dst, struct metadata *src);
|
|
||||||
void metadata_deep_copy(struct metadata *dst, struct metadata *src);
|
char *memdup(const char *src, int len);
|
||||||
void metadata_free(struct metadata *meta);
|
|
||||||
|
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
* Struct Session Ctx
|
* Struct Session Ctx
|
||||||
@@ -75,18 +74,24 @@ struct session_ctx
|
|||||||
{
|
{
|
||||||
uint64_t session_id;
|
uint64_t session_id;
|
||||||
char *session_addr;
|
char *session_addr;
|
||||||
|
|
||||||
|
// dup from received control packet, for sending control packet
|
||||||
|
char *ctrl_packet_header_data;
|
||||||
|
uint16_t ctrl_packet_header_len;
|
||||||
|
|
||||||
uint16_t vxlan_src_port;
|
uint16_t vxlan_src_port;
|
||||||
|
|
||||||
struct four_tuple inner_tuple4;
|
struct four_tuple inner_tuple4;
|
||||||
struct mutable_array rule_ids;
|
struct mutable_array rule_ids;
|
||||||
|
|
||||||
struct metadata *decrypted_meta_i2e;
|
struct metadata decrypted_meta_i2e;
|
||||||
struct metadata *decrypted_meta_e2i;
|
struct metadata decrypted_meta_e2i;
|
||||||
struct metadata *raw_meta_i2e;
|
struct metadata raw_meta_i2e;
|
||||||
struct metadata *raw_meta_e2i;
|
struct metadata raw_meta_e2i;
|
||||||
struct metadata *ctrl_meta;
|
struct metadata ctrl_meta;
|
||||||
|
|
||||||
struct selected_chainings chainings;
|
struct selected_chaining *chaining_raw;
|
||||||
|
struct selected_chaining *chaining_decrypted;
|
||||||
|
|
||||||
struct thread_ctx *ref_thread_ctx;
|
struct thread_ctx *ref_thread_ctx;
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -220,13 +220,13 @@ static void global_metrics_parse_config(const char *profile, struct metrics_conf
|
|||||||
config->statsd_format = 1;
|
config->statsd_format = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG_DEBUG("%s: STAT->output_file : %s", LOG_TAG_METRICS, config->output_file);
|
LOG_DEBUG("STAT->output_file : %s", config->output_file);
|
||||||
LOG_DEBUG("%s: STAT->statsd_server : %s", LOG_TAG_METRICS, config->statsd_server);
|
LOG_DEBUG("STAT->statsd_server : %s", config->statsd_server);
|
||||||
LOG_DEBUG("%s: STAT->statsd_port : %d", LOG_TAG_METRICS, config->statsd_port);
|
LOG_DEBUG("STAT->statsd_port : %d", config->statsd_port);
|
||||||
LOG_DEBUG("%s: STAT->statsd_format : %d", LOG_TAG_METRICS, config->statsd_format);
|
LOG_DEBUG("STAT->statsd_format : %d", config->statsd_format);
|
||||||
LOG_DEBUG("%s: STAT->statsd_cycle : %d", LOG_TAG_METRICS, config->statsd_cycle);
|
LOG_DEBUG("STAT->statsd_cycle : %d", config->statsd_cycle);
|
||||||
LOG_DEBUG("%s: STAT->prometheus_listen_port : %d", LOG_TAG_METRICS, config->prometheus_listen_port);
|
LOG_DEBUG("STAT->prometheus_listen_port : %d", config->prometheus_listen_port);
|
||||||
LOG_DEBUG("%s: STAT->prometheus_listen_url : %s", LOG_TAG_METRICS, config->prometheus_listen_url);
|
LOG_DEBUG("STAT->prometheus_listen_url : %s", config->prometheus_listen_url);
|
||||||
}
|
}
|
||||||
|
|
||||||
struct global_metrics *global_metrics_create(const char *profile, int thread_num)
|
struct global_metrics *global_metrics_create(const char *profile, int thread_num)
|
||||||
@@ -264,7 +264,7 @@ struct global_metrics *global_metrics_create(const char *profile, int thread_num
|
|||||||
|
|
||||||
if (STAT_MAX >= (sizeof(global_metrics->fs_id) / sizeof(global_metrics->fs_id[0])))
|
if (STAT_MAX >= (sizeof(global_metrics->fs_id) / sizeof(global_metrics->fs_id[0])))
|
||||||
{
|
{
|
||||||
LOG_ERROR("%s: field stat has insufficient space to store fs_id, and supports a maximum of %lu fsids, but %d is needed ", LOG_TAG_METRICS, (sizeof(global_metrics->fs_id) / sizeof(global_metrics->fs_id[0])), STAT_MAX);
|
LOG_ERROR("field stat has insufficient space to store fs_id, and supports a maximum of %lu fsids, but %d is needed ", (sizeof(global_metrics->fs_id) / sizeof(global_metrics->fs_id[0])), STAT_MAX);
|
||||||
global_metrics_destory(global_metrics);
|
global_metrics_destory(global_metrics);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -283,6 +283,18 @@ void global_metrics_destory(struct global_metrics *global_metrics)
|
|||||||
{
|
{
|
||||||
if (global_metrics)
|
if (global_metrics)
|
||||||
{
|
{
|
||||||
|
if (global_metrics->thread_metrics_flag)
|
||||||
|
{
|
||||||
|
free(global_metrics->thread_metrics_flag);
|
||||||
|
global_metrics->thread_metrics_flag = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (global_metrics->thread_metrics_cache)
|
||||||
|
{
|
||||||
|
free(global_metrics->thread_metrics_cache);
|
||||||
|
global_metrics->thread_metrics_cache = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
FS_library_destroy();
|
FS_library_destroy();
|
||||||
free(global_metrics);
|
free(global_metrics);
|
||||||
global_metrics = NULL;
|
global_metrics = NULL;
|
||||||
|
|||||||
@@ -94,7 +94,7 @@ int mbuff_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
|
|||||||
|
|
||||||
// 1: E2I
|
// 1: E2I
|
||||||
// 0: I2E
|
// 0: I2E
|
||||||
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->is_e2i_dir), sizeof(meta->is_e2i_dir)) <= 0)
|
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->direction), sizeof(meta->direction)) <= 0)
|
||||||
{
|
{
|
||||||
LOG_ERROR("%s: unable to get buff_dir from metadata", LOG_TAG_PKTIO);
|
LOG_ERROR("%s: unable to get buff_dir from metadata", LOG_TAG_PKTIO);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -210,21 +210,23 @@ static void update_session_by_metadata(struct session_ctx *ctx, struct metadata
|
|||||||
|
|
||||||
if (meta->is_decrypted)
|
if (meta->is_decrypted)
|
||||||
{
|
{
|
||||||
dst_meta_i2e = ctx->decrypted_meta_i2e;
|
dst_meta_i2e = &ctx->decrypted_meta_i2e;
|
||||||
dst_meta_e2i = ctx->decrypted_meta_e2i;
|
dst_meta_e2i = &ctx->decrypted_meta_e2i;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
dst_meta_i2e = ctx->raw_meta_i2e;
|
dst_meta_i2e = &ctx->raw_meta_i2e;
|
||||||
dst_meta_e2i = ctx->raw_meta_e2i;
|
dst_meta_e2i = &ctx->raw_meta_e2i;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (meta->is_e2i_dir)
|
// 1: E2I
|
||||||
|
// 0: I2E
|
||||||
|
if (meta->direction)
|
||||||
{
|
{
|
||||||
// first packet update metadata
|
// first packet update metadata
|
||||||
if (metadata_is_empty(dst_meta_e2i))
|
if (metadata_isempty(dst_meta_e2i))
|
||||||
{
|
{
|
||||||
metadata_shallow_copy(dst_meta_e2i, meta);
|
metadata_copy(dst_meta_e2i, meta);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -235,9 +237,9 @@ static void update_session_by_metadata(struct session_ctx *ctx, struct metadata
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
// first packet update metadata
|
// first packet update metadata
|
||||||
if (metadata_is_empty(dst_meta_i2e))
|
if (metadata_isempty(dst_meta_i2e))
|
||||||
{
|
{
|
||||||
metadata_shallow_copy(dst_meta_i2e, meta);
|
metadata_copy(dst_meta_i2e, meta);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -254,30 +256,32 @@ static void update_metadata_by_session(struct session_ctx *ctx, struct metadata
|
|||||||
|
|
||||||
meta->session_id = ctx->session_id;
|
meta->session_id = ctx->session_id;
|
||||||
|
|
||||||
if (meta->is_e2i_dir)
|
// 1: E2I
|
||||||
|
// 0: I2E
|
||||||
|
if (meta->direction)
|
||||||
{
|
{
|
||||||
if (meta->is_decrypted)
|
if (meta->is_decrypted)
|
||||||
{
|
{
|
||||||
sids = &ctx->decrypted_meta_e2i->sids;
|
sids = &(ctx->decrypted_meta_e2i.sids);
|
||||||
route_ctx = &ctx->decrypted_meta_e2i->route_ctx;
|
route_ctx = &(ctx->decrypted_meta_e2i.route_ctx);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sids = &ctx->raw_meta_e2i->sids;
|
sids = &(ctx->raw_meta_e2i.sids);
|
||||||
route_ctx = &ctx->raw_meta_e2i->route_ctx;
|
route_ctx = &(ctx->raw_meta_e2i.route_ctx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (meta->is_decrypted)
|
if (meta->is_decrypted)
|
||||||
{
|
{
|
||||||
sids = &ctx->decrypted_meta_i2e->sids;
|
sids = &(ctx->decrypted_meta_i2e.sids);
|
||||||
route_ctx = &ctx->decrypted_meta_i2e->route_ctx;
|
route_ctx = &(ctx->decrypted_meta_i2e.route_ctx);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sids = &ctx->raw_meta_i2e->sids;
|
sids = &(ctx->raw_meta_i2e.sids);
|
||||||
route_ctx = &ctx->raw_meta_i2e->route_ctx;
|
route_ctx = &(ctx->raw_meta_i2e.route_ctx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -491,6 +495,7 @@ static inline int send_packet_to_sf(struct session_ctx *session_ctx, marsio_buff
|
|||||||
char *buffer = NULL;
|
char *buffer = NULL;
|
||||||
struct packet_io *packet_io = thread_ctx->ref_io;
|
struct packet_io *packet_io = thread_ctx->ref_io;
|
||||||
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
||||||
|
uint32_t rehash_index = session_ctx->ctrl_meta.rehash_index;
|
||||||
|
|
||||||
marsio_buff_ctrlzone_reset(mbuff);
|
marsio_buff_ctrlzone_reset(mbuff);
|
||||||
switch (sf->sf_connectivity.method)
|
switch (sf->sf_connectivity.method)
|
||||||
@@ -502,18 +507,18 @@ static inline int send_packet_to_sf(struct session_ctx *session_ctx, marsio_buff
|
|||||||
packet_io->config.dev_endpoint_l3_mac, sf->sf_dst_mac,
|
packet_io->config.dev_endpoint_l3_mac, sf->sf_dst_mac,
|
||||||
packet_io->config.dev_endpoint_l3_ip, sf->sf_dst_ip, thread_ctx->tx_packets_ipid % 65535,
|
packet_io->config.dev_endpoint_l3_ip, sf->sf_dst_ip, thread_ctx->tx_packets_ipid % 65535,
|
||||||
session_ctx->vxlan_src_port, meta->raw_len,
|
session_ctx->vxlan_src_port, meta->raw_len,
|
||||||
meta->is_e2i_dir, meta->is_decrypted, sf->sf_index);
|
meta->direction, meta->is_decrypted, sf->sf_index);
|
||||||
nsend = marsio_buff_datalen(mbuff);
|
nsend = marsio_buff_datalen(mbuff);
|
||||||
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &(session_ctx->ctrl_meta->rehash_index), sizeof(session_ctx->ctrl_meta->rehash_index));
|
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &rehash_index, sizeof(rehash_index));
|
||||||
marsio_send_burst(packet_io->dev_endpoint_l3.mr_path, thread_ctx->thread_index, &mbuff, 1);
|
marsio_send_burst(packet_io->dev_endpoint_l3.mr_path, thread_ctx->thread_index, &mbuff, 1);
|
||||||
throughput_metrics_inc(&(thread_metrics->device.endpoint_vxlan_tx), 1, nsend);
|
throughput_metrics_inc(&(thread_metrics->device.endpoint_vxlan_tx), 1, nsend);
|
||||||
break;
|
break;
|
||||||
case ENCAPSULATE_METHOD_LAYER2_SWITCH:
|
case ENCAPSULATE_METHOD_LAYER2_SWITCH:
|
||||||
vlan_encapsulate(mbuff,
|
vlan_encapsulate(mbuff,
|
||||||
meta->is_e2i_dir ? sf->sf_connectivity.ext_vlan_tag : sf->sf_connectivity.int_vlan_tag,
|
meta->direction ? sf->sf_connectivity.ext_vlan_tag : sf->sf_connectivity.int_vlan_tag,
|
||||||
packet_io->config.vlan_encapsulate_replace_orig_vlan_header);
|
packet_io->config.vlan_encapsulate_replace_orig_vlan_header);
|
||||||
nsend = marsio_buff_datalen(mbuff);
|
nsend = marsio_buff_datalen(mbuff);
|
||||||
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &(session_ctx->ctrl_meta->rehash_index), sizeof(session_ctx->ctrl_meta->rehash_index));
|
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &rehash_index, sizeof(rehash_index));
|
||||||
marsio_send_burst(packet_io->dev_endpoint_l2.mr_path, thread_ctx->thread_index, &mbuff, 1);
|
marsio_send_burst(packet_io->dev_endpoint_l2.mr_path, thread_ctx->thread_index, &mbuff, 1);
|
||||||
throughput_metrics_inc(&(thread_metrics->device.endpoint_vlan_tx), 1, nsend);
|
throughput_metrics_inc(&(thread_metrics->device.endpoint_vlan_tx), 1, nsend);
|
||||||
break;
|
break;
|
||||||
@@ -654,7 +659,7 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
|
|||||||
LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr,
|
LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr,
|
||||||
sf_index, chaining->chaining_used,
|
sf_index, chaining->chaining_used,
|
||||||
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
|
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
|
||||||
(meta->is_decrypted == 1 ? "decrypted" : "raw"), (meta->is_e2i_dir ? "E2I" : "I2E"), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc));
|
(meta->is_decrypted ? "decrypted" : "raw"), (meta->direction ? "E2I" : "I2E"), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc));
|
||||||
|
|
||||||
switch (sf->sf_action)
|
switch (sf->sf_action)
|
||||||
{
|
{
|
||||||
@@ -714,13 +719,13 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
|
|||||||
* handle session status
|
* handle session status
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_chainings *chainings, struct thread_ctx *thread_ctx)
|
static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *thread_ctx)
|
||||||
{
|
{
|
||||||
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
||||||
struct packet_io *packet_io = thread_ctx->ref_io;
|
struct packet_io *packet_io = thread_ctx->ref_io;
|
||||||
struct mutable_array *rule_ids = &session_ctx->rule_ids;
|
struct mutable_array *rule_ids = &session_ctx->rule_ids;
|
||||||
struct selected_chaining *chaining_raw = chainings->chaining_raw;
|
struct selected_chaining *chaining_raw = session_ctx->chaining_raw;
|
||||||
struct selected_chaining *chaining_decrypted = chainings->chaining_decrypted;
|
struct selected_chaining *chaining_decrypted = session_ctx->chaining_decrypted;
|
||||||
int thread_index = thread_ctx->thread_index;
|
int thread_index = thread_ctx->thread_index;
|
||||||
int sc_rsp_raw_exist = 0;
|
int sc_rsp_raw_exist = 0;
|
||||||
int sc_rsp_decrypted_exist = 0;
|
int sc_rsp_decrypted_exist = 0;
|
||||||
@@ -831,11 +836,11 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_cha
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG_INFO("%s: session %lu %s send event log %ld bytes", LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr, size);
|
LOG_INFO("%s: session %lu %s send event log %ld bytes", LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr, size);
|
||||||
|
|
||||||
marsio_buff_t *tx_buffs[1];
|
marsio_buff_t *tx_buffs[1];
|
||||||
char *packet_header_data = session_ctx->ctrl_meta->raw_data;
|
const char *packet_header_data = session_ctx->ctrl_packet_header_data;
|
||||||
int packet_header_len = session_ctx->ctrl_meta->l7offset;
|
int packet_header_len = session_ctx->ctrl_packet_header_len;
|
||||||
marsio_buff_malloc_global(packet_io->instance, tx_buffs, 1, 0, thread_index);
|
marsio_buff_malloc_global(packet_io->instance, tx_buffs, 1, 0, thread_index);
|
||||||
char *dst = marsio_buff_append(tx_buffs[0], packet_header_len + size);
|
char *dst = marsio_buff_append(tx_buffs[0], packet_header_len + size);
|
||||||
memcpy(dst, packet_header_data, packet_header_len);
|
memcpy(dst, packet_header_data, packet_header_len);
|
||||||
@@ -847,7 +852,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_cha
|
|||||||
meta.is_ctrl_pkt = 1;
|
meta.is_ctrl_pkt = 1;
|
||||||
meta.sids.num = 1;
|
meta.sids.num = 1;
|
||||||
meta.sids.elems[0] = sce_ctx->firewall_sids;
|
meta.sids.elems[0] = sce_ctx->firewall_sids;
|
||||||
route_ctx_copy(&meta.route_ctx, &session_ctx->ctrl_meta->route_ctx);
|
route_ctx_copy(&meta.route_ctx, &(session_ctx->ctrl_meta.route_ctx));
|
||||||
mbuff_set_metadata(tx_buffs[0], &meta);
|
mbuff_set_metadata(tx_buffs[0], &meta);
|
||||||
int nsend = marsio_buff_datalen(tx_buffs[0]);
|
int nsend = marsio_buff_datalen(tx_buffs[0]);
|
||||||
marsio_send_burst(packet_io->dev_nf.mr_path, thread_index, tx_buffs, 1);
|
marsio_send_burst(packet_io->dev_nf.mr_path, thread_index, tx_buffs, 1);
|
||||||
@@ -864,7 +869,7 @@ static void send_event_log(struct session_ctx *session_ctx, struct thread_ctx *t
|
|||||||
|
|
||||||
if (sce_ctx->enable_send_log)
|
if (sce_ctx->enable_send_log)
|
||||||
{
|
{
|
||||||
nsend = send_ctrl_packet(session_ctx, &session_ctx->chainings, thread_ctx);
|
nsend = send_ctrl_packet(session_ctx, thread_ctx);
|
||||||
if (nsend > 0)
|
if (nsend > 0)
|
||||||
{
|
{
|
||||||
ATOMIC_INC(&(thread_metrics->sf_session.log));
|
ATOMIC_INC(&(thread_metrics->sf_session.log));
|
||||||
@@ -885,9 +890,9 @@ static void dump_sf_metrics(struct session_ctx *session_ctx, struct selected_cha
|
|||||||
{
|
{
|
||||||
struct selected_sf *sf = &(chaining->chaining[i]);
|
struct selected_sf *sf = &(chaining->chaining[i]);
|
||||||
LOG_INFO("%s: session %lu %s metrics: policy %lu->%d->%d action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
|
LOG_INFO("%s: session %lu %s metrics: policy %lu->%d->%d action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
|
||||||
LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr,
|
LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr,
|
||||||
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
|
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
|
||||||
traffic_type_to_string(sf->traffic_type), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc),
|
traffic_type_tostring(sf->traffic_type), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc),
|
||||||
sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
|
sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -898,7 +903,7 @@ static void session_value_free_cb(void *ctx)
|
|||||||
session_ctx_free(s_ctx);
|
session_ctx_free(s_ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int is_e2i_dir, struct thread_ctx *thread_ctx)
|
static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int direction, struct thread_ctx *thread_ctx)
|
||||||
{
|
{
|
||||||
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
|
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
|
||||||
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
||||||
@@ -912,12 +917,12 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, data_pkt, rule_id, is_e2i_dir);
|
policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_id, direction);
|
||||||
|
|
||||||
if (sce_ctx->enable_debug)
|
if (sce_ctx->enable_debug)
|
||||||
{
|
{
|
||||||
selected_chaining_bref(session_ctx->chainings.chaining_raw);
|
selected_chaining_bref(session_ctx->chaining_raw);
|
||||||
selected_chaining_bref(session_ctx->chainings.chaining_decrypted);
|
selected_chaining_bref(session_ctx->chaining_decrypted);
|
||||||
}
|
}
|
||||||
|
|
||||||
mutable_array_add_elem(&session_ctx->rule_ids, rule_id);
|
mutable_array_add_elem(&session_ctx->rule_ids, rule_id);
|
||||||
@@ -925,51 +930,6 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void handle_session_opening(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
|
||||||
{
|
|
||||||
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
|
||||||
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
|
|
||||||
struct session_table *session_table = thread_ctx->session_table;
|
|
||||||
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
|
||||||
int chaining_size = policy_enforce_chaining_size(enforcer);
|
|
||||||
|
|
||||||
#if 0
|
|
||||||
if (session_table_search_by_id(session_table, meta->session_id))
|
|
||||||
{
|
|
||||||
return ;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
struct packet data_pkt;
|
|
||||||
struct four_tuple inner_tuple4;
|
|
||||||
const char *payload = packet_parse(&data_pkt, meta->raw_data, meta->raw_len);
|
|
||||||
sce_packet_get_innermost_tuple(&data_pkt, &inner_tuple4);
|
|
||||||
uint16_t real_offset = payload - meta->raw_data;
|
|
||||||
if (real_offset != meta->l7offset)
|
|
||||||
{
|
|
||||||
char *addr_str = four_tuple_tostring(&inner_tuple4);
|
|
||||||
LOG_ERROR("%s: incorrect dataoffset %d in the control zone of session %lu %s, the expect value is %d", LOG_TAG_PKTIO, meta->l7offset, meta->session_id, addr_str, real_offset);
|
|
||||||
free(addr_str);
|
|
||||||
}
|
|
||||||
|
|
||||||
struct session_ctx *session_ctx = session_ctx_new();
|
|
||||||
session_ctx->session_id = meta->session_id;
|
|
||||||
session_ctx->session_addr = sce_ctx->enable_debug ? four_tuple_tostring(&inner_tuple4) : NULL;
|
|
||||||
session_ctx->vxlan_src_port = calculate_vxlan_source_port(&inner_tuple4);
|
|
||||||
four_tuple_copy(&session_ctx->inner_tuple4, &inner_tuple4);
|
|
||||||
metadata_deep_copy(session_ctx->ctrl_meta, meta);
|
|
||||||
session_ctx->chainings.chaining_raw = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
|
||||||
session_ctx->chainings.chaining_decrypted = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
|
||||||
session_ctx->ref_thread_ctx = thread_ctx;
|
|
||||||
|
|
||||||
LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
|
|
||||||
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx);
|
|
||||||
send_event_log(session_ctx, thread_ctx);
|
|
||||||
|
|
||||||
session_table_insert(session_table, session_ctx->session_id, &session_ctx->inner_tuple4, session_ctx, session_value_free_cb);
|
|
||||||
ATOMIC_INC(&(thread_metrics->sf_session.num));
|
|
||||||
}
|
|
||||||
|
|
||||||
static void handle_session_closing(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
static void handle_session_closing(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
||||||
{
|
{
|
||||||
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
||||||
@@ -981,11 +941,8 @@ static void handle_session_closing(struct metadata *meta, struct control_packet
|
|||||||
struct session_ctx *s_ctx = (struct session_ctx *)node->value;
|
struct session_ctx *s_ctx = (struct session_ctx *)node->value;
|
||||||
LOG_INFO("%s: session %lu %s closing", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr);
|
LOG_INFO("%s: session %lu %s closing", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr);
|
||||||
|
|
||||||
struct selected_chaining *chaining_raw = s_ctx->chainings.chaining_raw;
|
dump_sf_metrics(s_ctx, s_ctx->chaining_raw);
|
||||||
dump_sf_metrics(s_ctx, chaining_raw);
|
dump_sf_metrics(s_ctx, s_ctx->chaining_decrypted);
|
||||||
|
|
||||||
struct selected_chaining *chaining_decrypted = s_ctx->chainings.chaining_decrypted;
|
|
||||||
dump_sf_metrics(s_ctx, chaining_decrypted);
|
|
||||||
|
|
||||||
session_table_delete_by_id(session_table, meta->session_id);
|
session_table_delete_by_id(session_table, meta->session_id);
|
||||||
ATOMIC_DEC(&(thread_metrics->sf_session.num));
|
ATOMIC_DEC(&(thread_metrics->sf_session.num));
|
||||||
@@ -995,6 +952,9 @@ static void handle_session_closing(struct metadata *meta, struct control_packet
|
|||||||
static void handle_session_active(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
static void handle_session_active(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
||||||
{
|
{
|
||||||
struct session_table *session_table = thread_ctx->session_table;
|
struct session_table *session_table = thread_ctx->session_table;
|
||||||
|
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
||||||
|
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
|
||||||
|
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
||||||
|
|
||||||
struct session_node *node = session_table_search_by_id(session_table, meta->session_id);
|
struct session_node *node = session_table_search_by_id(session_table, meta->session_id);
|
||||||
if (node)
|
if (node)
|
||||||
@@ -1010,12 +970,42 @@ static void handle_session_active(struct metadata *meta, struct control_packet *
|
|||||||
}
|
}
|
||||||
|
|
||||||
LOG_INFO("%s: session %lu %s active again", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
|
LOG_INFO("%s: session %lu %s active again", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
|
||||||
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx);
|
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->direction, thread_ctx);
|
||||||
send_event_log(session_ctx, thread_ctx);
|
send_event_log(session_ctx, thread_ctx);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
handle_session_opening(meta, ctrl_pkt, thread_ctx);
|
struct packet data_pkt;
|
||||||
|
struct four_tuple inner_tuple4;
|
||||||
|
const char *payload = packet_parse(&data_pkt, meta->raw_data, meta->raw_len);
|
||||||
|
sce_packet_get_innermost_tuple(&data_pkt, &inner_tuple4);
|
||||||
|
uint16_t real_offset = payload - meta->raw_data;
|
||||||
|
if (real_offset != meta->l7offset)
|
||||||
|
{
|
||||||
|
char *addr_str = four_tuple_tostring(&inner_tuple4);
|
||||||
|
LOG_ERROR("%s: incorrect dataoffset %d in the control zone of session %lu %s, the expect value is %d", LOG_TAG_PKTIO, meta->l7offset, meta->session_id, addr_str, real_offset);
|
||||||
|
free(addr_str);
|
||||||
|
}
|
||||||
|
|
||||||
|
int chaining_size = policy_enforce_chaining_size(enforcer);
|
||||||
|
struct session_ctx *session_ctx = session_ctx_new();
|
||||||
|
session_ctx->session_id = meta->session_id;
|
||||||
|
session_ctx->session_addr = sce_ctx->enable_debug ? four_tuple_tostring(&inner_tuple4) : NULL;
|
||||||
|
session_ctx->vxlan_src_port = calculate_vxlan_source_port(&inner_tuple4);
|
||||||
|
four_tuple_copy(&session_ctx->inner_tuple4, &inner_tuple4);
|
||||||
|
metadata_copy(&session_ctx->ctrl_meta, meta);
|
||||||
|
session_ctx->ctrl_packet_header_data = memdup(meta->raw_data, meta->raw_len);
|
||||||
|
session_ctx->ctrl_packet_header_len = meta->raw_len;
|
||||||
|
session_ctx->chaining_raw = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
||||||
|
session_ctx->chaining_decrypted = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
||||||
|
session_ctx->ref_thread_ctx = thread_ctx;
|
||||||
|
|
||||||
|
LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
|
||||||
|
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->direction, thread_ctx);
|
||||||
|
send_event_log(session_ctx, thread_ctx);
|
||||||
|
|
||||||
|
session_table_insert(session_table, session_ctx->session_id, &session_ctx->inner_tuple4, session_ctx, session_value_free_cb);
|
||||||
|
ATOMIC_INC(&(thread_metrics->sf_session.num));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1140,11 +1130,11 @@ static void handle_data_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread
|
|||||||
|
|
||||||
if (meta.is_decrypted == 1)
|
if (meta.is_decrypted == 1)
|
||||||
{
|
{
|
||||||
chaining = session_ctx->chainings.chaining_decrypted;
|
chaining = session_ctx->chaining_decrypted;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
chaining = session_ctx->chainings.chaining_raw;
|
chaining = session_ctx->chaining_raw;
|
||||||
}
|
}
|
||||||
if (chaining == NULL)
|
if (chaining == NULL)
|
||||||
{
|
{
|
||||||
@@ -1185,7 +1175,7 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
|
|||||||
meta.l7offset = 0;
|
meta.l7offset = 0;
|
||||||
meta.is_ctrl_pkt = 0;
|
meta.is_ctrl_pkt = 0;
|
||||||
sf_index = vxlan_get_opt(vxlan_hdr, VNI_OPT_SFINDEX);
|
sf_index = vxlan_get_opt(vxlan_hdr, VNI_OPT_SFINDEX);
|
||||||
meta.is_e2i_dir = vxlan_get_opt(vxlan_hdr, VNI_OPT_DIR);
|
meta.direction = vxlan_get_opt(vxlan_hdr, VNI_OPT_DIR);
|
||||||
meta.is_decrypted = vxlan_get_opt(vxlan_hdr, VNI_OPT_TRAFFIC);
|
meta.is_decrypted = vxlan_get_opt(vxlan_hdr, VNI_OPT_TRAFFIC);
|
||||||
|
|
||||||
session_ctx = inject_packet_search_session(session_table, meta.raw_data, meta.raw_len);
|
session_ctx = inject_packet_search_session(session_table, meta.raw_data, meta.raw_len);
|
||||||
@@ -1198,11 +1188,11 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
|
|||||||
|
|
||||||
if (meta.is_decrypted == 1)
|
if (meta.is_decrypted == 1)
|
||||||
{
|
{
|
||||||
chaining = session_ctx->chainings.chaining_decrypted;
|
chaining = session_ctx->chaining_decrypted;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
chaining = session_ctx->chainings.chaining_raw;
|
chaining = session_ctx->chaining_raw;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (chaining == NULL || sf_index < 0 || sf_index >= chaining->chaining_used)
|
if (chaining == NULL || sf_index < 0 || sf_index >= chaining->chaining_used)
|
||||||
|
|||||||
@@ -374,7 +374,7 @@ static void chaining_param_new_cb(const char *table_name, int table_id, const ch
|
|||||||
LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
|
LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_to_string(param->traffic_type));
|
LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_tostring(param->traffic_type));
|
||||||
|
|
||||||
// sff_profiles
|
// sff_profiles
|
||||||
item = cJSON_GetObjectItem(json, "sff_profiles");
|
item = cJSON_GetObjectItem(json, "sff_profiles");
|
||||||
@@ -515,7 +515,7 @@ static void sff_param_new_cb(const char *table_name, int table_id, const char *k
|
|||||||
LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line);
|
LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
LOG_DEBUG("%s: parse sff profile: %d, type: %s", LOG_TAG_POLICY, param->sff_profile_id, forward_type_to_string(param->sff_forward_type));
|
LOG_DEBUG("%s: parse sff profile: %d, type: %s", LOG_TAG_POLICY, param->sff_profile_id, forward_type_tostring(param->sff_forward_type));
|
||||||
|
|
||||||
// load_balance_method
|
// load_balance_method
|
||||||
if (0 == strcasecmp(load_balance_method, "hash-int-ip"))
|
if (0 == strcasecmp(load_balance_method, "hash-int-ip"))
|
||||||
@@ -820,7 +820,7 @@ static void sf_param_new_cb(const char *table_name, int table_id, const char *ke
|
|||||||
LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line);
|
LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, encapsulate_method_to_string(param->sf_connectivity.method));
|
LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, encapsulate_method_tostring(param->sf_connectivity.method));
|
||||||
|
|
||||||
if (param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER2_SWITCH || param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER3_SWITCH)
|
if (param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER2_SWITCH || param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER3_SWITCH)
|
||||||
{
|
{
|
||||||
@@ -1264,7 +1264,7 @@ static void select_sf_from_sff(struct policy_enforcer *enforcer, struct sff_para
|
|||||||
* Public API -- Utils
|
* Public API -- Utils
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
const char *traffic_type_to_string(enum traffic_type traffic_type)
|
const char *traffic_type_tostring(enum traffic_type traffic_type)
|
||||||
{
|
{
|
||||||
switch (traffic_type)
|
switch (traffic_type)
|
||||||
{
|
{
|
||||||
@@ -1279,7 +1279,7 @@ const char *traffic_type_to_string(enum traffic_type traffic_type)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *forward_type_to_string(enum forward_type forward_type)
|
const char *forward_type_tostring(enum forward_type forward_type)
|
||||||
{
|
{
|
||||||
switch (forward_type)
|
switch (forward_type)
|
||||||
{
|
{
|
||||||
@@ -1294,7 +1294,7 @@ const char *forward_type_to_string(enum forward_type forward_type)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *action_desc_to_string(enum action_desc action_desc)
|
const char *action_desc_tostring(enum action_desc action_desc)
|
||||||
{
|
{
|
||||||
switch (action_desc)
|
switch (action_desc)
|
||||||
{
|
{
|
||||||
@@ -1319,7 +1319,7 @@ const char *action_desc_to_string(enum action_desc action_desc)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *encapsulate_method_to_string(enum encapsulate_method encap_method)
|
const char *encapsulate_method_tostring(enum encapsulate_method encap_method)
|
||||||
{
|
{
|
||||||
switch (encap_method)
|
switch (encap_method)
|
||||||
{
|
{
|
||||||
@@ -1344,11 +1344,11 @@ const char *encapsulate_method_to_string(enum encapsulate_method encap_method)
|
|||||||
// return !NULL : success
|
// return !NULL : success
|
||||||
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr)
|
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr)
|
||||||
{
|
{
|
||||||
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining));
|
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining) + chaining_size * sizeof(struct selected_sf));
|
||||||
assert(chaining);
|
assert(chaining);
|
||||||
chaining->chaining_used = 0;
|
chaining->chaining_used = 0;
|
||||||
chaining->chaining_size = chaining_size;
|
chaining->chaining_size = chaining_size;
|
||||||
chaining->chaining = (struct selected_sf *)calloc(chaining->chaining_size, sizeof(struct selected_sf));
|
chaining->chaining = (struct selected_sf *)(chaining + 1);
|
||||||
assert(chaining->chaining);
|
assert(chaining->chaining);
|
||||||
|
|
||||||
chaining->session_id = session_id;
|
chaining->session_id = session_id;
|
||||||
@@ -1361,11 +1361,6 @@ void selected_chaining_destory(struct selected_chaining *chaining)
|
|||||||
{
|
{
|
||||||
if (chaining)
|
if (chaining)
|
||||||
{
|
{
|
||||||
if (chaining->chaining)
|
|
||||||
{
|
|
||||||
free(chaining->chaining);
|
|
||||||
chaining->chaining = NULL;
|
|
||||||
}
|
|
||||||
free(chaining);
|
free(chaining);
|
||||||
chaining = NULL;
|
chaining = NULL;
|
||||||
}
|
}
|
||||||
@@ -1386,14 +1381,14 @@ void selected_chaining_dump(struct selected_chaining *chaining)
|
|||||||
{
|
{
|
||||||
struct selected_sf *node = &(chaining->chaining[i]);
|
struct selected_sf *node = &(chaining->chaining[i]);
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_id : %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->rule_id);
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_id : %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->rule_id);
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_to_string(node->traffic_type));
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_tostring(node->traffic_type));
|
||||||
// sff
|
// sff
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, forward_type_to_string(node->sff_forward_type));
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, forward_type_tostring(node->sff_forward_type));
|
||||||
// sf
|
// sf
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_profile_id);
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_profile_id);
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action_desc : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, action_desc_to_string(node->sf_action_desc));
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action_desc : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, action_desc_tostring(node->sf_action_desc));
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->encapsulate_method : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, encapsulate_method_to_string(node->sf_connectivity.method));
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->encapsulate_method : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, encapsulate_method_tostring(node->sf_connectivity.method));
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.int_vlan_tag);
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.int_vlan_tag);
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->ext_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.ext_vlan_tag);
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->ext_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.ext_vlan_tag);
|
||||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->dest_ip : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.dest_ip);
|
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->dest_ip : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.dest_ip);
|
||||||
@@ -1423,7 +1418,7 @@ void selected_chaining_bref(struct selected_chaining *chaining)
|
|||||||
buff_used += snprintf(buff + buff_used, buff_size - buff_used,
|
buff_used += snprintf(buff + buff_used, buff_size - buff_used,
|
||||||
"\"node[%d]\":{\"policy\":\"%lu->%d->%d\",\"action\":\"%s->%s->%s\"}",
|
"\"node[%d]\":{\"policy\":\"%lu->%d->%d\",\"action\":\"%s->%s->%s\"}",
|
||||||
i, node->rule_id, node->sff_profile_id, node->sf_profile_id,
|
i, node->rule_id, node->sff_profile_id, node->sf_profile_id,
|
||||||
traffic_type_to_string(node->traffic_type), forward_type_to_string(node->sff_forward_type), action_desc_to_string(node->sf_action_desc));
|
traffic_type_tostring(node->traffic_type), forward_type_tostring(node->sff_forward_type), action_desc_tostring(node->sf_action_desc));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
LOG_INFO("%s: session %lu %s selected_chaining_bref: %s}", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, buff);
|
LOG_INFO("%s: session %lu %s selected_chaining_bref: %s}", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, buff);
|
||||||
@@ -1473,7 +1468,7 @@ void selected_chaining_uniq(struct selected_chaining *chaining)
|
|||||||
|
|
||||||
// return NULL : error
|
// return NULL : error
|
||||||
// return !NULL : success
|
// return !NULL : success
|
||||||
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger)
|
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
int redis_port_begin = 0;
|
int redis_port_begin = 0;
|
||||||
@@ -1671,7 +1666,7 @@ int policy_enforce_chaining_size(struct policy_enforcer *enforcer)
|
|||||||
return enforcer->config.max_chaining_size;
|
return enforcer->config.max_chaining_size;
|
||||||
}
|
}
|
||||||
|
|
||||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int dir_is_i2e)
|
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int direction)
|
||||||
{
|
{
|
||||||
int sff_profile_id;
|
int sff_profile_id;
|
||||||
struct selected_chaining *chaining = NULL;
|
struct selected_chaining *chaining = NULL;
|
||||||
@@ -1684,13 +1679,13 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
|||||||
|
|
||||||
if (chaining_param->traffic_type == TRAFFIC_TYPE_RAW)
|
if (chaining_param->traffic_type == TRAFFIC_TYPE_RAW)
|
||||||
{
|
{
|
||||||
chaining = chainings->chaining_raw;
|
chaining = s_ctx->chaining_raw;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
chaining = chainings->chaining_decrypted;
|
chaining = s_ctx->chaining_decrypted;
|
||||||
}
|
}
|
||||||
LOG_INFO("%s: session %lu %s enforce %s chaining: rule_id %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), rule_id);
|
LOG_INFO("%s: session %lu %s enforce %s chaining: rule_id %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_tostring(chaining_param->traffic_type), rule_id);
|
||||||
|
|
||||||
for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
|
for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
|
||||||
{
|
{
|
||||||
@@ -1717,14 +1712,14 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
|||||||
// sf_index
|
// sf_index
|
||||||
selected_sf->sf_index = chaining->chaining_used;
|
selected_sf->sf_index = chaining->chaining_used;
|
||||||
|
|
||||||
uint64_t packet_hash = packet_get_hash(data_pkt, sff_param->sff_ldbc.method, dir_is_i2e);
|
uint64_t packet_hash = packet_get_hash(data_pkt, sff_param->sff_ldbc.method, direction);
|
||||||
select_sf_from_sff(enforcer, sff_param, selected_sf, s_ctx, packet_hash);
|
select_sf_from_sff(enforcer, sff_param, selected_sf, s_ctx, packet_hash);
|
||||||
|
|
||||||
LOG_INFO("%s: session %lu %s enforce chaining [%d/%d]: policy: %lu->%d->%d, action: %s->%s->%s",
|
LOG_INFO("%s: session %lu %s enforce chaining [%d/%d]: policy: %lu->%d->%d, action: %s->%s->%s",
|
||||||
LOG_TAG_POLICY, chaining->session_id, chaining->session_addr,
|
LOG_TAG_POLICY, chaining->session_id, chaining->session_addr,
|
||||||
selected_sf->sf_index, chaining->chaining_size,
|
selected_sf->sf_index, chaining->chaining_size,
|
||||||
selected_sf->rule_id, selected_sf->sff_profile_id, selected_sf->sf_profile_id,
|
selected_sf->rule_id, selected_sf->sff_profile_id, selected_sf->sf_profile_id,
|
||||||
traffic_type_to_string(chaining_param->traffic_type), forward_type_to_string(selected_sf->sff_forward_type), action_desc_to_string(selected_sf->sf_action_desc));
|
traffic_type_tostring(chaining_param->traffic_type), forward_type_tostring(selected_sf->sff_forward_type), action_desc_tostring(selected_sf->sf_action_desc));
|
||||||
|
|
||||||
chaining->chaining_used++;
|
chaining->chaining_used++;
|
||||||
sff_param_free(sff_param);
|
sff_param_free(sff_param);
|
||||||
|
|||||||
@@ -9,14 +9,7 @@
|
|||||||
* Struct Metadata
|
* Struct Metadata
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
struct metadata *metadata_new()
|
int metadata_isempty(struct metadata *meta)
|
||||||
{
|
|
||||||
struct metadata *meta = (struct metadata *)calloc(1, sizeof(struct metadata));
|
|
||||||
|
|
||||||
return meta;
|
|
||||||
}
|
|
||||||
|
|
||||||
int metadata_is_empty(struct metadata *meta)
|
|
||||||
{
|
{
|
||||||
if (meta->write_ref == 0)
|
if (meta->write_ref == 0)
|
||||||
{
|
{
|
||||||
@@ -28,7 +21,7 @@ int metadata_is_empty(struct metadata *meta)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void metadata_shallow_copy(struct metadata *dst, struct metadata *src)
|
void metadata_copy(struct metadata *dst, struct metadata *src)
|
||||||
{
|
{
|
||||||
dst->write_ref++;
|
dst->write_ref++;
|
||||||
dst->session_id = src->session_id;
|
dst->session_id = src->session_id;
|
||||||
@@ -36,7 +29,7 @@ void metadata_shallow_copy(struct metadata *dst, struct metadata *src)
|
|||||||
dst->raw_data = NULL;
|
dst->raw_data = NULL;
|
||||||
dst->raw_len = 0;
|
dst->raw_len = 0;
|
||||||
dst->l7offset = src->l7offset;
|
dst->l7offset = src->l7offset;
|
||||||
dst->is_e2i_dir = src->is_e2i_dir;
|
dst->direction = src->direction;
|
||||||
dst->is_ctrl_pkt = src->is_ctrl_pkt;
|
dst->is_ctrl_pkt = src->is_ctrl_pkt;
|
||||||
dst->is_decrypted = src->is_decrypted;
|
dst->is_decrypted = src->is_decrypted;
|
||||||
|
|
||||||
@@ -44,28 +37,16 @@ void metadata_shallow_copy(struct metadata *dst, struct metadata *src)
|
|||||||
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
|
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
void metadata_deep_copy(struct metadata *dst, struct metadata *src)
|
char *memdup(const char *src, int len)
|
||||||
{
|
{
|
||||||
metadata_shallow_copy(dst, src);
|
if (src == NULL || len == 0)
|
||||||
|
|
||||||
dst->raw_data = (char *)calloc(src->raw_len + 1, sizeof(char));
|
|
||||||
memcpy(dst->raw_data, src->raw_data, src->raw_len);
|
|
||||||
dst->raw_len = src->raw_len;
|
|
||||||
}
|
|
||||||
|
|
||||||
void metadata_free(struct metadata *meta)
|
|
||||||
{
|
|
||||||
if (meta)
|
|
||||||
{
|
{
|
||||||
if (meta->raw_data)
|
return NULL;
|
||||||
{
|
|
||||||
free(meta->raw_data);
|
|
||||||
meta->raw_data = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
free(meta);
|
|
||||||
meta = NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
char *dst = (char *)calloc(len + 1, sizeof(char));
|
||||||
|
memcpy(dst, src, len);
|
||||||
|
return dst;
|
||||||
}
|
}
|
||||||
|
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
@@ -78,13 +59,6 @@ struct session_ctx *session_ctx_new()
|
|||||||
assert(session_ctx != NULL);
|
assert(session_ctx != NULL);
|
||||||
|
|
||||||
mutable_array_init(&session_ctx->rule_ids);
|
mutable_array_init(&session_ctx->rule_ids);
|
||||||
|
|
||||||
session_ctx->decrypted_meta_i2e = metadata_new();
|
|
||||||
session_ctx->decrypted_meta_e2i = metadata_new();
|
|
||||||
session_ctx->raw_meta_i2e = metadata_new();
|
|
||||||
session_ctx->raw_meta_e2i = metadata_new();
|
|
||||||
session_ctx->ctrl_meta = metadata_new();
|
|
||||||
|
|
||||||
return session_ctx;
|
return session_ctx;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -98,46 +72,22 @@ void session_ctx_free(struct session_ctx *session_ctx)
|
|||||||
session_ctx->session_addr = NULL;
|
session_ctx->session_addr = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (session_ctx->decrypted_meta_i2e)
|
if (session_ctx->ctrl_packet_header_data)
|
||||||
{
|
{
|
||||||
metadata_free(session_ctx->decrypted_meta_i2e);
|
free(session_ctx->ctrl_packet_header_data);
|
||||||
session_ctx->decrypted_meta_i2e = NULL;
|
session_ctx->ctrl_packet_header_data = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (session_ctx->decrypted_meta_e2i)
|
if (session_ctx->chaining_raw)
|
||||||
{
|
{
|
||||||
metadata_free(session_ctx->decrypted_meta_e2i);
|
selected_chaining_destory(session_ctx->chaining_raw);
|
||||||
session_ctx->decrypted_meta_e2i = NULL;
|
session_ctx->chaining_raw = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (session_ctx->raw_meta_i2e)
|
if (session_ctx->chaining_decrypted)
|
||||||
{
|
{
|
||||||
metadata_free(session_ctx->raw_meta_i2e);
|
selected_chaining_destory(session_ctx->chaining_decrypted);
|
||||||
session_ctx->raw_meta_i2e = NULL;
|
session_ctx->chaining_decrypted = NULL;
|
||||||
}
|
|
||||||
|
|
||||||
if (session_ctx->raw_meta_e2i)
|
|
||||||
{
|
|
||||||
metadata_free(session_ctx->raw_meta_e2i);
|
|
||||||
session_ctx->raw_meta_e2i = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (session_ctx->ctrl_meta)
|
|
||||||
{
|
|
||||||
metadata_free(session_ctx->ctrl_meta);
|
|
||||||
session_ctx->ctrl_meta = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (session_ctx->chainings.chaining_raw)
|
|
||||||
{
|
|
||||||
selected_chaining_destory(session_ctx->chainings.chaining_raw);
|
|
||||||
session_ctx->chainings.chaining_raw = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (session_ctx->chainings.chaining_decrypted)
|
|
||||||
{
|
|
||||||
selected_chaining_destory(session_ctx->chainings.chaining_decrypted);
|
|
||||||
session_ctx->chainings.chaining_decrypted = NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
free(session_ctx);
|
free(session_ctx);
|
||||||
@@ -175,7 +125,7 @@ struct sce_ctx *sce_ctx_create(const char *profile)
|
|||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
|
|
||||||
sce_ctx->enforcer = policy_enforcer_create("SCE", profile, sce_ctx->nr_worker_threads, NULL);
|
sce_ctx->enforcer = policy_enforcer_create("SCE", profile, sce_ctx->nr_worker_threads);
|
||||||
if (sce_ctx->enforcer == NULL)
|
if (sce_ctx->enforcer == NULL)
|
||||||
{
|
{
|
||||||
goto error_out;
|
goto error_out;
|
||||||
|
|||||||
@@ -88,7 +88,7 @@ struct sf_metrics *sf_metrics_create(const char *profile)
|
|||||||
handle->htable_elem_count = 0;
|
handle->htable_elem_count = 0;
|
||||||
if (handle->sockfd == -1)
|
if (handle->sockfd == -1)
|
||||||
{
|
{
|
||||||
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SF_METRICS, handle->telegraf_bind_address, handle->telegraf_listen_port, errno, strerror(errno));
|
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SFMETRICS, handle->telegraf_bind_address, handle->telegraf_listen_port, errno, strerror(errno));
|
||||||
sf_metrics_destory(handle);
|
sf_metrics_destory(handle);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -46,10 +46,10 @@ static void sf_status_parse_config(const char *profile, struct sf_status_config
|
|||||||
MESA_load_profile_int_def(profile, "METRICS", "telegraf_listen_port", &(config->telegraf_listen_port), 8300);
|
MESA_load_profile_int_def(profile, "METRICS", "telegraf_listen_port", &(config->telegraf_listen_port), 8300);
|
||||||
MESA_load_profile_string_def(profile, "METRICS", "telegraf_bind_address", config->telegraf_bind_address, sizeof(config->telegraf_bind_address), "127.0.0.1");
|
MESA_load_profile_string_def(profile, "METRICS", "telegraf_bind_address", config->telegraf_bind_address, sizeof(config->telegraf_bind_address), "127.0.0.1");
|
||||||
|
|
||||||
LOG_DEBUG("%s: METRICS->enable : %d", LOG_TAG_SF_STATUS, config->enable);
|
LOG_DEBUG("%s: METRICS->enable : %d", LOG_TAG_SFSTATUS, config->enable);
|
||||||
LOG_DEBUG("%s: METRICS->interval_s : %d", LOG_TAG_SF_STATUS, config->interval_s);
|
LOG_DEBUG("%s: METRICS->interval_s : %d", LOG_TAG_SFSTATUS, config->interval_s);
|
||||||
LOG_DEBUG("%s: METRICS->telegraf_listen_port : %d", LOG_TAG_SF_STATUS, config->telegraf_listen_port);
|
LOG_DEBUG("%s: METRICS->telegraf_listen_port : %d", LOG_TAG_SFSTATUS, config->telegraf_listen_port);
|
||||||
LOG_DEBUG("%s: METRICS->telegraf_bind_address : %s", LOG_TAG_SF_STATUS, config->telegraf_bind_address);
|
LOG_DEBUG("%s: METRICS->telegraf_bind_address : %s", LOG_TAG_SFSTATUS, config->telegraf_bind_address);
|
||||||
}
|
}
|
||||||
|
|
||||||
void sf_status_destory(struct sf_status *handle)
|
void sf_status_destory(struct sf_status *handle)
|
||||||
@@ -95,7 +95,7 @@ struct sf_status *sf_status_create(const char *profile)
|
|||||||
handle->htable_elem_count = 0;
|
handle->htable_elem_count = 0;
|
||||||
if (handle->sockfd == -1)
|
if (handle->sockfd == -1)
|
||||||
{
|
{
|
||||||
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SF_STATUS, handle->config.telegraf_bind_address, handle->config.telegraf_listen_port, errno, strerror(errno));
|
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SFSTATUS, handle->config.telegraf_bind_address, handle->config.telegraf_listen_port, errno, strerror(errno));
|
||||||
sf_status_destory(handle);
|
sf_status_destory(handle);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -110,7 +110,7 @@ void sf_status_reset(struct sf_status *handle)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG_DEBUG("%s: reset: elem_num %lu", LOG_TAG_SF_STATUS, handle->htable_elem_count);
|
LOG_DEBUG("%s: reset: elem_num %lu", LOG_TAG_SFSTATUS, handle->htable_elem_count);
|
||||||
|
|
||||||
struct node *temp = NULL;
|
struct node *temp = NULL;
|
||||||
struct node *node = NULL;
|
struct node *node = NULL;
|
||||||
@@ -136,14 +136,14 @@ void sf_status_delete(struct sf_status *handle, int sf_profile_id)
|
|||||||
if (temp)
|
if (temp)
|
||||||
{
|
{
|
||||||
handle->htable_elem_count--;
|
handle->htable_elem_count--;
|
||||||
LOG_DEBUG("%s: delete: sf_profile %d success, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, handle->htable_elem_count);
|
LOG_DEBUG("%s: delete: sf_profile %d success, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, handle->htable_elem_count);
|
||||||
HASH_DELETE(hh, handle->htable, temp);
|
HASH_DELETE(hh, handle->htable, temp);
|
||||||
free(temp);
|
free(temp);
|
||||||
temp = NULL;
|
temp = NULL;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
LOG_DEBUG("%s: delete: sf_profile %d not exists, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, handle->htable_elem_count);
|
LOG_DEBUG("%s: delete: sf_profile %d not exists, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, handle->htable_elem_count);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -160,7 +160,7 @@ void sf_status_update(struct sf_status *handle, int sf_vsys_id, int sf_profile_i
|
|||||||
{
|
{
|
||||||
if (temp->sf_status != sf_status)
|
if (temp->sf_status != sf_status)
|
||||||
{
|
{
|
||||||
LOG_DEBUG("%s: update: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
LOG_DEBUG("%s: update: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
||||||
}
|
}
|
||||||
temp->sf_vsys_id = sf_vsys_id;
|
temp->sf_vsys_id = sf_vsys_id;
|
||||||
temp->sf_profile_id = sf_profile_id;
|
temp->sf_profile_id = sf_profile_id;
|
||||||
@@ -170,7 +170,7 @@ void sf_status_update(struct sf_status *handle, int sf_vsys_id, int sf_profile_i
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
handle->htable_elem_count++;
|
handle->htable_elem_count++;
|
||||||
LOG_DEBUG("%s: insert: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
LOG_DEBUG("%s: insert: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
||||||
temp = (struct node *)calloc(1, sizeof(struct node));
|
temp = (struct node *)calloc(1, sizeof(struct node));
|
||||||
temp->sf_vsys_id = sf_vsys_id;
|
temp->sf_vsys_id = sf_vsys_id;
|
||||||
temp->sf_profile_id = sf_profile_id;
|
temp->sf_profile_id = sf_profile_id;
|
||||||
|
|||||||
@@ -178,31 +178,30 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
|
|||||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||||
|
|
||||||
const char *profile = "./test_resource/sce.conf";
|
const char *profile = "./test_resource/sce.conf";
|
||||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||||
EXPECT_TRUE(enforcer != nullptr);
|
EXPECT_TRUE(enforcer != nullptr);
|
||||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||||
|
|
||||||
int dir_is_i2e = 1;
|
int direction = 1;
|
||||||
struct selected_chainings chainings;
|
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||||
*/
|
*/
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 1);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_raw);
|
selected_chaining_dump(s_ctx.chaining_raw);
|
||||||
selected_chaining_bref(chainings.chaining_raw);
|
selected_chaining_bref(s_ctx.chaining_raw);
|
||||||
selected_chaining_destory(chainings.chaining_raw);
|
selected_chaining_destory(s_ctx.chaining_raw);
|
||||||
|
|
||||||
printf("Before Sleep\n");
|
printf("Before Sleep\n");
|
||||||
sleep(1);
|
sleep(1);
|
||||||
@@ -231,14 +230,13 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
|
|||||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||||
|
|
||||||
const char *profile = "./test_resource/sce.conf";
|
const char *profile = "./test_resource/sce.conf";
|
||||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||||
EXPECT_TRUE(enforcer != nullptr);
|
EXPECT_TRUE(enforcer != nullptr);
|
||||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||||
|
|
||||||
int dir_is_i2e = 1;
|
int direction = 1;
|
||||||
struct selected_chainings chainings;
|
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||||
@@ -274,29 +272,29 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
|
|||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||||
*/
|
*/
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 2);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 2);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_raw);
|
selected_chaining_dump(s_ctx.chaining_raw);
|
||||||
selected_chaining_bref(chainings.chaining_raw);
|
selected_chaining_bref(s_ctx.chaining_raw);
|
||||||
selected_chaining_destory(chainings.chaining_raw);
|
selected_chaining_destory(s_ctx.chaining_raw);
|
||||||
|
|
||||||
printf("Before Sleep\n");
|
printf("Before Sleep\n");
|
||||||
sleep(1);
|
sleep(1);
|
||||||
@@ -325,15 +323,14 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
|
|||||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||||
|
|
||||||
const char *profile = "./test_resource/sce.conf";
|
const char *profile = "./test_resource/sce.conf";
|
||||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||||
EXPECT_TRUE(enforcer != nullptr);
|
EXPECT_TRUE(enforcer != nullptr);
|
||||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||||
|
|
||||||
int dir_is_i2e = 1;
|
int direction = 1;
|
||||||
struct selected_chainings chainings;
|
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||||||
@@ -373,29 +370,29 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
|
|||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||||
*/
|
*/
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_raw);
|
selected_chaining_dump(s_ctx.chaining_raw);
|
||||||
selected_chaining_bref(chainings.chaining_raw);
|
selected_chaining_bref(s_ctx.chaining_raw);
|
||||||
selected_chaining_destory(chainings.chaining_raw);
|
selected_chaining_destory(s_ctx.chaining_raw);
|
||||||
|
|
||||||
printf("Before Sleep\n");
|
printf("Before Sleep\n");
|
||||||
sleep(1);
|
sleep(1);
|
||||||
@@ -424,14 +421,13 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
|
|||||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||||
|
|
||||||
const char *profile = "./test_resource/sce.conf";
|
const char *profile = "./test_resource/sce.conf";
|
||||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||||
EXPECT_TRUE(enforcer != nullptr);
|
EXPECT_TRUE(enforcer != nullptr);
|
||||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||||
|
|
||||||
int dir_is_i2e = 1;
|
int direction = 1;
|
||||||
struct selected_chainings chainings;
|
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||||||
@@ -439,17 +435,17 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
|
|||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||||
*/
|
*/
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 1);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_decrypted);
|
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_bref(chainings.chaining_decrypted);
|
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_destory(chainings.chaining_decrypted);
|
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||||
|
|
||||||
printf("Before Sleep\n");
|
printf("Before Sleep\n");
|
||||||
sleep(1);
|
sleep(1);
|
||||||
@@ -478,14 +474,13 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
|
|||||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||||
|
|
||||||
const char *profile = "./test_resource/sce.conf";
|
const char *profile = "./test_resource/sce.conf";
|
||||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||||
EXPECT_TRUE(enforcer != nullptr);
|
EXPECT_TRUE(enforcer != nullptr);
|
||||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||||
|
|
||||||
int dir_is_i2e = 1;
|
int direction = 1;
|
||||||
struct selected_chainings chainings;
|
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||||||
@@ -522,29 +517,29 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
|
|||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||||
*/
|
*/
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 12);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 12);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_decrypted);
|
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_bref(chainings.chaining_decrypted);
|
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_destory(chainings.chaining_decrypted);
|
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||||
|
|
||||||
printf("Before Sleep\n");
|
printf("Before Sleep\n");
|
||||||
sleep(1);
|
sleep(1);
|
||||||
@@ -573,15 +568,14 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
|
|||||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||||
|
|
||||||
const char *profile = "./test_resource/sce.conf";
|
const char *profile = "./test_resource/sce.conf";
|
||||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||||
EXPECT_TRUE(enforcer != nullptr);
|
EXPECT_TRUE(enforcer != nullptr);
|
||||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||||
|
|
||||||
int dir_is_i2e = 1;
|
int direction = 1;
|
||||||
struct selected_chainings chainings;
|
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||||||
@@ -621,29 +615,29 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
|
|||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||||
*/
|
*/
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_decrypted);
|
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_bref(chainings.chaining_decrypted);
|
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_destory(chainings.chaining_decrypted);
|
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||||
|
|
||||||
printf("Before Sleep\n");
|
printf("Before Sleep\n");
|
||||||
sleep(1);
|
sleep(1);
|
||||||
@@ -672,20 +666,19 @@ TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
|
|||||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||||
|
|
||||||
const char *profile = "./test_resource/sce.conf";
|
const char *profile = "./test_resource/sce.conf";
|
||||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||||
EXPECT_TRUE(enforcer != nullptr);
|
EXPECT_TRUE(enforcer != nullptr);
|
||||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||||
|
|
||||||
int dir_is_i2e = 1;
|
int direction = 1;
|
||||||
struct selected_chainings chainings;
|
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
|
||||||
// raw traffic multi hits
|
// raw traffic multi hits
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||||||
// decrypted traffic multi hits
|
// decrypted traffic multi hits
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||||||
@@ -769,54 +762,54 @@ TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// raw traffic
|
// raw traffic
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_raw);
|
selected_chaining_dump(s_ctx.chaining_raw);
|
||||||
selected_chaining_bref(chainings.chaining_raw);
|
selected_chaining_bref(s_ctx.chaining_raw);
|
||||||
selected_chaining_destory(chainings.chaining_raw);
|
selected_chaining_destory(s_ctx.chaining_raw);
|
||||||
|
|
||||||
// decrypted traffic
|
// decrypted traffic
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||||
|
|
||||||
selected_chaining_dump(chainings.chaining_decrypted);
|
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_bref(chainings.chaining_decrypted);
|
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||||
selected_chaining_destory(chainings.chaining_decrypted);
|
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||||
|
|
||||||
printf("Before Sleep\n");
|
printf("Before Sleep\n");
|
||||||
sleep(1);
|
sleep(1);
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ extern marsio_buff_t *marsio_mbuff_dup(marsio_buff_t *m);
|
|||||||
meta.raw_data = NULL; \
|
meta.raw_data = NULL; \
|
||||||
meta.raw_len = 0; \
|
meta.raw_len = 0; \
|
||||||
meta.l7offset = offset; \
|
meta.l7offset = offset; \
|
||||||
meta.is_e2i_dir = 0; \
|
meta.direction = 0; \
|
||||||
meta.is_ctrl_pkt = is_ctrl; \
|
meta.is_ctrl_pkt = is_ctrl; \
|
||||||
meta.is_decrypted = is_decrypt; \
|
meta.is_decrypted = is_decrypt; \
|
||||||
memset(&meta.sids.elems, 1, sizeof(meta.sids.elems)); \
|
memset(&meta.sids.elems, 1, sizeof(meta.sids.elems)); \
|
||||||
|
|||||||
Reference in New Issue
Block a user