perf: 删除无效代码;修改变量命名;减少内存分配
@@ -57,6 +57,7 @@ cmake3 -DCMAKE_CXX_FLAGS=$CXX_FLAGS \
|
||||
-DVERSION_DAILY_BUILD=$TESTING_VERSION_BUILD \
|
||||
..
|
||||
make -j 4
|
||||
make test
|
||||
|
||||
if [ -n "${PACKAGE}" ]; then
|
||||
make package
|
||||
|
||||
@@ -99,7 +99,9 @@ int packet_get_outermost_two_tuple(const struct packet *handler, struct two_tupl
|
||||
const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type);
|
||||
const struct layer_record *packet_get_outermost_layer(const struct packet *handler, enum layer_type type);
|
||||
|
||||
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int dir_is_i2e);
|
||||
// direction 1: E2I
|
||||
// direction 0: I2E
|
||||
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int direction);
|
||||
|
||||
#ifdef __cpluscplus
|
||||
}
|
||||
|
||||
@@ -13,9 +13,8 @@ extern "C"
|
||||
#define LOG_TAG_PKTIO "PACKET_IO"
|
||||
#define LOG_TAG_RAWPKT "DATA_PACKET"
|
||||
#define LOG_TAG_CTRLPKT "CTRL_PACKET"
|
||||
#define LOG_TAG_METRICS "G_METRICS"
|
||||
#define LOG_TAG_SF_METRICS "SF_METRICS"
|
||||
#define LOG_TAG_SF_STATUS "SF_STATUS"
|
||||
#define LOG_TAG_SFMETRICS "SF_METRICS"
|
||||
#define LOG_TAG_SFSTATUS "SF_STATUS"
|
||||
#define LOG_TAG_UTILS "UTILS"
|
||||
#define LOG_TAG_HEALTH_CHECK "HEALTH_CHECK"
|
||||
#define LOG_TAG_TIMESTAMP "TIMESTAMP"
|
||||
@@ -66,7 +65,6 @@ struct sids
|
||||
sid_t elems[MR_SID_LIST_MAXLEN];
|
||||
};
|
||||
|
||||
void sids_write_once(struct sids *dst, struct sids *src);
|
||||
void sids_copy(struct sids *dst, struct sids *src);
|
||||
|
||||
/******************************************************************************
|
||||
@@ -79,7 +77,6 @@ struct route_ctx
|
||||
int len;
|
||||
};
|
||||
|
||||
void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src);
|
||||
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src);
|
||||
|
||||
/******************************************************************************
|
||||
|
||||
@@ -1175,7 +1175,9 @@ const struct layer_record *packet_get_outermost_layer(const struct packet *handl
|
||||
return NULL;
|
||||
}
|
||||
|
||||
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int dir_is_i2e)
|
||||
// direction 1: E2I
|
||||
// direction 0: I2E
|
||||
uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int direction)
|
||||
{
|
||||
uint64_t temp = 0;
|
||||
uint64_t hash_value = 1;
|
||||
@@ -1216,23 +1218,27 @@ uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method,
|
||||
switch (method)
|
||||
{
|
||||
case LDBC_METHOD_HASH_INT_IP:
|
||||
if (dir_is_i2e)
|
||||
if (direction)
|
||||
{
|
||||
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
||||
// direction 1: E2I
|
||||
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
||||
}
|
||||
else
|
||||
{
|
||||
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
||||
// direction 0: I2E
|
||||
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
||||
}
|
||||
break;
|
||||
case LDBC_METHOD_HASH_EXT_IP:
|
||||
if (dir_is_i2e)
|
||||
if (direction)
|
||||
{
|
||||
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
||||
// direction 1: E2I
|
||||
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
||||
}
|
||||
else
|
||||
{
|
||||
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
|
||||
// direction 0: I2E
|
||||
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
|
||||
}
|
||||
break;
|
||||
case LDBC_METHOD_HASH_INT_IP_AND_EXT_IP:
|
||||
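Review bot: The switch from `dir_is_i2e` to `direction` in this hunk is more than a rename, because for the same argument value `packet_get_hash` now hashes the opposite address: under `LDBC_METHOD_HASH_INT_IP`, `if (dir_is_i2e)` hashed `outer_src_addr` while `if (direction)` hashes `outer_dst_addr`, and the `@@ -1241,23` hunk does the same for the innermost cases. A caller that still passes the old flag compiles unchanged and silently gets a different hash; how the value is consumed is outside these hunks, so the effect on selection is inferred rather than shown. The parameter stays a bare `int` whose meaning lives only in the repeated `// direction 1: E2I` comments, so I would give it a type, for example `enum packet_direction { PACKET_DIR_I2E = 0, PACKET_DIR_E2I = 1 };`, and use it in the prototype and in `struct metadata`. The commit message should also say that the hash input changed, since it currently describes only cleanup.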
@@ -1241,23 +1247,27 @@ uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method,
|
||||
hash_value = hash_value ^ temp;
|
||||
break;
|
||||
case LDBC_METHOD_HASH_INNERMOST_INT_IP:
|
||||
if (dir_is_i2e)
|
||||
if (direction)
|
||||
{
|
||||
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
||||
// direction 1: E2I
|
||||
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
||||
}
|
||||
else
|
||||
{
|
||||
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
||||
// direction 0: I2E
|
||||
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
||||
}
|
||||
break;
|
||||
case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
|
||||
if (dir_is_i2e)
|
||||
if (direction)
|
||||
{
|
||||
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
||||
// direction 1: E2I
|
||||
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
||||
}
|
||||
else
|
||||
{
|
||||
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);
|
||||
// direction 0: I2E
|
||||
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
@@ -1268,7 +1278,7 @@ uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method,
|
||||
char *inner_addr_str = two_tuple_tostring(&inner_addr);
|
||||
char *outer_addr_str = two_tuple_tostring(&outer_addr);
|
||||
printf("%s: outer_addr: %s, inner_addr: %s, dir: %s, hash_method: %s, hash_value: %lu\n",
|
||||
LOG_PACKET, outer_addr_str, inner_addr_str, (dir_is_i2e ? "I2E" : "E2I"), ldbc_method_tostring(method), hash_value);
|
||||
LOG_PACKET, outer_addr_str, inner_addr_str, (direction ? "E2I" : "I2E"), ldbc_method_tostring(method), hash_value);
|
||||
free(inner_addr_str);
|
||||
free(outer_addr_str);
|
||||
#endif
|
||||
|
||||
@@ -102,17 +102,6 @@ int mutable_array_index_elem(struct mutable_array *array, int index)
|
||||
* sids
|
||||
******************************************************************************/
|
||||
|
||||
void sids_write_once(struct sids *dst, struct sids *src)
|
||||
{
|
||||
if (dst && src)
|
||||
{
|
||||
if (dst->num == 0 && src->num > 0)
|
||||
{
|
||||
sids_copy(dst, src);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void sids_copy(struct sids *dst, struct sids *src)
|
||||
{
|
||||
if (dst && src)
|
||||
@@ -126,17 +115,6 @@ void sids_copy(struct sids *dst, struct sids *src)
|
||||
* route_ctx
|
||||
******************************************************************************/
|
||||
|
||||
void route_ctx_write_once(struct route_ctx *dst, struct route_ctx *src)
|
||||
{
|
||||
if (dst && src)
|
||||
{
|
||||
if (dst->len == 0)
|
||||
{
|
||||
route_ctx_copy(dst, src);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void route_ctx_copy(struct route_ctx *dst, struct route_ctx *src)
|
||||
{
|
||||
memcpy(dst->data, src->data, src->len);
|
||||
|
||||
@@ -14,6 +14,14 @@ add_executable(gtest_control_packet gtest_control_packet.cpp)
|
||||
target_include_directories(gtest_control_packet PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
|
||||
target_link_libraries(gtest_control_packet common gtest)
|
||||
|
||||
###############################################################################
|
||||
# gtest_packet
|
||||
###############################################################################
|
||||
|
||||
add_executable(gtest_packet gtest_packet.cpp)
|
||||
target_include_directories(gtest_packet PUBLIC ${CMAKE_SOURCE_DIR}/common/include)
|
||||
target_link_libraries(gtest_packet common gtest)
|
||||
|
||||
###############################################################################
|
||||
# gtest_utils
|
||||
###############################################################################
|
||||
@@ -37,5 +45,6 @@ target_link_libraries(gtest_health_check_table common gtest platform)
|
||||
include(GoogleTest)
|
||||
gtest_discover_tests(gtest_session_table)
|
||||
gtest_discover_tests(gtest_control_packet)
|
||||
gtest_discover_tests(gtest_packet)
|
||||
gtest_discover_tests(gtest_utils)
|
||||
gtest_discover_tests(gtest_health_check_table)
|
||||
|
||||
@@ -146,6 +146,7 @@ TEST(HEALTH_CHECK_TABLE, SET_STATUS)
|
||||
EXPECT_TRUE(health_check_session_del(session_id3, 3) == 0);
|
||||
}
|
||||
|
||||
#if 0
|
||||
TEST(HEALTH_CHECK_TABLE, DELETE)
|
||||
{
|
||||
uint64_t session_id1 = 0;
|
||||
@@ -194,6 +195,7 @@ TEST(HEALTH_CHECK_TABLE, DELETE)
|
||||
EXPECT_TRUE(health_check_session_del(session_id6, 6) == 0);
|
||||
EXPECT_TRUE(health_check_session_del(session_id6, 6) == -1);
|
||||
}
|
||||
#endif
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
|
||||
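Review bot: `TEST(HEALTH_CHECK_TABLE, DELETE)` is compiled out with `#if 0` / `#endif` and nothing on the page says why, so the delete path silently loses its coverage, including the double-delete expectation `health_check_session_del(session_id6, 6) == -1`. If the test has to be parked, GoogleTest's own mechanism keeps it compiling and reports it as disabled: `TEST(HEALTH_CHECK_TABLE, DISABLED_DELETE)`, preceded by a comment such as `// disabled: <reason>; re-enable when <condition>`. Most of the test body lies between the two hunks and is not shown.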
2545
common/test/gtest_packet.cpp
Normal file
File diff suppressed because it is too large
@@ -41,34 +41,14 @@ TEST(UTILS, SIDS)
|
||||
struct sids src;
|
||||
struct sids dst;
|
||||
|
||||
// set src
|
||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
||||
{
|
||||
src.elems[i] = i;
|
||||
}
|
||||
src.num = MR_SID_LIST_MAXLEN;
|
||||
|
||||
// copy src to dst
|
||||
memset(&dst, 0, sizeof(struct sids));
|
||||
sids_write_once(&dst, &src);
|
||||
sids_copy(&dst, &src);
|
||||
|
||||
// check dst
|
||||
EXPECT_TRUE(dst.num == src.num);
|
||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
||||
{
|
||||
EXPECT_TRUE(dst.elems[i] == i);
|
||||
}
|
||||
|
||||
// update src
|
||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
||||
{
|
||||
src.elems[i] = i * 2;
|
||||
}
|
||||
|
||||
// copy src to dst
|
||||
sids_write_once(&dst, &src);
|
||||
|
||||
// check dst
|
||||
EXPECT_TRUE(dst.num == src.num);
|
||||
for (int i = 0; i < MR_SID_LIST_MAXLEN; i++)
|
||||
{
|
||||
|
||||
@@ -112,16 +112,10 @@ struct selected_chaining
|
||||
char *session_addr;
|
||||
};
|
||||
|
||||
struct selected_chainings
|
||||
{
|
||||
struct selected_chaining *chaining_raw;
|
||||
struct selected_chaining *chaining_decrypted;
|
||||
};
|
||||
|
||||
const char *traffic_type_to_string(enum traffic_type traffic_type);
|
||||
const char *forward_type_to_string(enum forward_type forward_type);
|
||||
const char *action_desc_to_string(enum action_desc action_desc);
|
||||
const char *encapsulate_method_to_string(enum encapsulate_method encap_method);
|
||||
const char *traffic_type_tostring(enum traffic_type traffic_type);
|
||||
const char *forward_type_tostring(enum forward_type forward_type);
|
||||
const char *action_desc_tostring(enum action_desc action_desc);
|
||||
const char *encapsulate_method_tostring(enum encapsulate_method encap_method);
|
||||
|
||||
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr);
|
||||
void selected_chaining_destory(struct selected_chaining *chaining);
|
||||
@@ -131,14 +125,16 @@ void selected_chaining_uniq(struct selected_chaining *chaining);
|
||||
|
||||
// return NULL : error
|
||||
// return !NULL : success
|
||||
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger);
|
||||
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num);
|
||||
void policy_enforcer_destory(struct policy_enforcer *enforcer);
|
||||
|
||||
// return 0 : success
|
||||
// return -1 : error
|
||||
int policy_enforcer_register(struct policy_enforcer *enforcer);
|
||||
int policy_enforce_chaining_size(struct policy_enforcer *enforcer);
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int dir_is_i2e);
|
||||
// direction 1: E2I
|
||||
// direction 0: I2E
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int direction);
|
||||
|
||||
#ifdef __cpluscplus
|
||||
}
|
||||
|
||||
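Review bot: The closing guard in the context lines of this hunk reads `#ifdef __cpluscplus`, but the standard macro is `__cplusplus`, so the guarded `}` is never emitted; the same spelling appears in the header hunk that declares `packet_get_hash`. The opening guard is outside the hunk, so I cannot tell which failure applies. If it is spelled correctly, a C++ translation unit sees an unbalanced `extern "C" {`; if it carries the same typo, these prototypes get C++ linkage when included from the gtest `.cpp` files. Since the commit already edits the lines around it, fix it here as `#ifdef __cplusplus`.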
@@ -49,11 +49,11 @@ struct metadata
|
||||
uint64_t session_id;
|
||||
uint32_t rehash_index;
|
||||
|
||||
char *raw_data;
|
||||
char *raw_data; // refer to current packet data
|
||||
int raw_len;
|
||||
uint16_t l7offset;
|
||||
|
||||
int is_e2i_dir;
|
||||
int direction; // 1: E2I; 0: I2E
|
||||
int is_ctrl_pkt;
|
||||
int is_decrypted;
|
||||
|
||||
@@ -61,11 +61,10 @@ struct metadata
|
||||
struct route_ctx route_ctx;
|
||||
};
|
||||
|
||||
struct metadata *metadata_new();
|
||||
int metadata_is_empty(struct metadata *meta);
|
||||
void metadata_shallow_copy(struct metadata *dst, struct metadata *src);
|
||||
void metadata_deep_copy(struct metadata *dst, struct metadata *src);
|
||||
void metadata_free(struct metadata *meta);
|
||||
int metadata_isempty(struct metadata *meta);
|
||||
void metadata_copy(struct metadata *dst, struct metadata *src);
|
||||
|
||||
char *memdup(const char *src, int len);
|
||||
|
||||
/******************************************************************************
|
||||
* Struct Session Ctx
|
||||
@@ -75,18 +74,24 @@ struct session_ctx
|
||||
{
|
||||
uint64_t session_id;
|
||||
char *session_addr;
|
||||
|
||||
// dup from received control packet, for sending control packet
|
||||
char *ctrl_packet_header_data;
|
||||
uint16_t ctrl_packet_header_len;
|
||||
|
||||
uint16_t vxlan_src_port;
|
||||
|
||||
struct four_tuple inner_tuple4;
|
||||
struct mutable_array rule_ids;
|
||||
|
||||
struct metadata *decrypted_meta_i2e;
|
||||
struct metadata *decrypted_meta_e2i;
|
||||
struct metadata *raw_meta_i2e;
|
||||
struct metadata *raw_meta_e2i;
|
||||
struct metadata *ctrl_meta;
|
||||
struct metadata decrypted_meta_i2e;
|
||||
struct metadata decrypted_meta_e2i;
|
||||
struct metadata raw_meta_i2e;
|
||||
struct metadata raw_meta_e2i;
|
||||
struct metadata ctrl_meta;
|
||||
|
||||
struct selected_chainings chainings;
|
||||
struct selected_chaining *chaining_raw;
|
||||
struct selected_chaining *chaining_decrypted;
|
||||
|
||||
struct thread_ctx *ref_thread_ctx;
|
||||
};
|
||||
|
||||
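Review bot: The five `struct metadata` members now embedded in `struct session_ctx` live as long as the session, yet each carries `raw_data`, which the new comment describes as `// refer to current packet data`. If `metadata_copy` copies the struct as-is (its body is not on this page), the stored copies keep a pointer into a packet buffer after that packet has been handed back. I would state the lifetime on the field, e.g. `char *raw_data; // borrowed: valid only while the current packet is held`, and clear `raw_data`/`raw_len` in the session-owned copies. `ctrl_packet_header_data` is the owned duplicate and deserves a comment naming who frees it (presumably `session_ctx_free`, not shown). Note also that `ctrl_packet_header_len` is `uint16_t` while it is later assigned from the `int` field `raw_len`.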
@@ -220,13 +220,13 @@ static void global_metrics_parse_config(const char *profile, struct metrics_conf
|
||||
config->statsd_format = 1;
|
||||
}
|
||||
|
||||
LOG_DEBUG("%s: STAT->output_file : %s", LOG_TAG_METRICS, config->output_file);
|
||||
LOG_DEBUG("%s: STAT->statsd_server : %s", LOG_TAG_METRICS, config->statsd_server);
|
||||
LOG_DEBUG("%s: STAT->statsd_port : %d", LOG_TAG_METRICS, config->statsd_port);
|
||||
LOG_DEBUG("%s: STAT->statsd_format : %d", LOG_TAG_METRICS, config->statsd_format);
|
||||
LOG_DEBUG("%s: STAT->statsd_cycle : %d", LOG_TAG_METRICS, config->statsd_cycle);
|
||||
LOG_DEBUG("%s: STAT->prometheus_listen_port : %d", LOG_TAG_METRICS, config->prometheus_listen_port);
|
||||
LOG_DEBUG("%s: STAT->prometheus_listen_url : %s", LOG_TAG_METRICS, config->prometheus_listen_url);
|
||||
LOG_DEBUG("STAT->output_file : %s", config->output_file);
|
||||
LOG_DEBUG("STAT->statsd_server : %s", config->statsd_server);
|
||||
LOG_DEBUG("STAT->statsd_port : %d", config->statsd_port);
|
||||
LOG_DEBUG("STAT->statsd_format : %d", config->statsd_format);
|
||||
LOG_DEBUG("STAT->statsd_cycle : %d", config->statsd_cycle);
|
||||
LOG_DEBUG("STAT->prometheus_listen_port : %d", config->prometheus_listen_port);
|
||||
LOG_DEBUG("STAT->prometheus_listen_url : %s", config->prometheus_listen_url);
|
||||
}
|
||||
|
||||
struct global_metrics *global_metrics_create(const char *profile, int thread_num)
|
||||
@@ -264,7 +264,7 @@ struct global_metrics *global_metrics_create(const char *profile, int thread_num
|
||||
|
||||
if (STAT_MAX >= (sizeof(global_metrics->fs_id) / sizeof(global_metrics->fs_id[0])))
|
||||
{
|
||||
LOG_ERROR("%s: field stat has insufficient space to store fs_id, and supports a maximum of %lu fsids, but %d is needed ", LOG_TAG_METRICS, (sizeof(global_metrics->fs_id) / sizeof(global_metrics->fs_id[0])), STAT_MAX);
|
||||
LOG_ERROR("field stat has insufficient space to store fs_id, and supports a maximum of %lu fsids, but %d is needed ", (sizeof(global_metrics->fs_id) / sizeof(global_metrics->fs_id[0])), STAT_MAX);
|
||||
global_metrics_destory(global_metrics);
|
||||
return NULL;
|
||||
}
|
||||
@@ -283,6 +283,18 @@ void global_metrics_destory(struct global_metrics *global_metrics)
|
||||
{
|
||||
if (global_metrics)
|
||||
{
|
||||
if (global_metrics->thread_metrics_flag)
|
||||
{
|
||||
free(global_metrics->thread_metrics_flag);
|
||||
global_metrics->thread_metrics_flag = NULL;
|
||||
}
|
||||
|
||||
if (global_metrics->thread_metrics_cache)
|
||||
{
|
||||
free(global_metrics->thread_metrics_cache);
|
||||
global_metrics->thread_metrics_cache = NULL;
|
||||
}
|
||||
|
||||
FS_library_destroy();
|
||||
free(global_metrics);
|
||||
global_metrics = NULL;
|
||||
|
||||
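Review bot: The new frees of `thread_metrics_flag` and `thread_metrics_cache` are also reached from the `STAT_MAX` error path in `global_metrics_create`, which calls `global_metrics_destory` early; that is safe only if the struct is zero-initialised when it is allocated, and the allocation is outside the visible hunks, so it is worth confirming. The `if (ptr)` guards are redundant because `free(NULL)` is a no-op. `global_metrics = NULL;` clears only the local parameter, so the caller still holds the stale pointer; a comment such as `// caller must not use global_metrics after this call` would make that explicit. The function continues past the end of this hunk.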
@@ -94,7 +94,7 @@ int mbuff_get_metadata(marsio_buff_t *rx_buff, struct metadata *meta)
|
||||
|
||||
// 1: E2I
|
||||
// 0: I2E
|
||||
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->is_e2i_dir), sizeof(meta->is_e2i_dir)) <= 0)
|
||||
if (marsio_buff_get_metadata(rx_buff, MR_BUFF_DIR, &(meta->direction), sizeof(meta->direction)) <= 0)
|
||||
{
|
||||
LOG_ERROR("%s: unable to get buff_dir from metadata", LOG_TAG_PKTIO);
|
||||
return -1;
|
||||
@@ -210,21 +210,23 @@ static void update_session_by_metadata(struct session_ctx *ctx, struct metadata
|
||||
|
||||
if (meta->is_decrypted)
|
||||
{
|
||||
dst_meta_i2e = ctx->decrypted_meta_i2e;
|
||||
dst_meta_e2i = ctx->decrypted_meta_e2i;
|
||||
dst_meta_i2e = &ctx->decrypted_meta_i2e;
|
||||
dst_meta_e2i = &ctx->decrypted_meta_e2i;
|
||||
}
|
||||
else
|
||||
{
|
||||
dst_meta_i2e = ctx->raw_meta_i2e;
|
||||
dst_meta_e2i = ctx->raw_meta_e2i;
|
||||
dst_meta_i2e = &ctx->raw_meta_i2e;
|
||||
dst_meta_e2i = &ctx->raw_meta_e2i;
|
||||
}
|
||||
|
||||
if (meta->is_e2i_dir)
|
||||
// 1: E2I
|
||||
// 0: I2E
|
||||
if (meta->direction)
|
||||
{
|
||||
// first packet update metadata
|
||||
if (metadata_is_empty(dst_meta_e2i))
|
||||
if (metadata_isempty(dst_meta_e2i))
|
||||
{
|
||||
metadata_shallow_copy(dst_meta_e2i, meta);
|
||||
metadata_copy(dst_meta_e2i, meta);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -235,9 +237,9 @@ static void update_session_by_metadata(struct session_ctx *ctx, struct metadata
|
||||
else
|
||||
{
|
||||
// first packet update metadata
|
||||
if (metadata_is_empty(dst_meta_i2e))
|
||||
if (metadata_isempty(dst_meta_i2e))
|
||||
{
|
||||
metadata_shallow_copy(dst_meta_i2e, meta);
|
||||
metadata_copy(dst_meta_i2e, meta);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -254,30 +256,32 @@ static void update_metadata_by_session(struct session_ctx *ctx, struct metadata
|
||||
|
||||
meta->session_id = ctx->session_id;
|
||||
|
||||
if (meta->is_e2i_dir)
|
||||
// 1: E2I
|
||||
// 0: I2E
|
||||
if (meta->direction)
|
||||
{
|
||||
if (meta->is_decrypted)
|
||||
{
|
||||
sids = &ctx->decrypted_meta_e2i->sids;
|
||||
route_ctx = &ctx->decrypted_meta_e2i->route_ctx;
|
||||
sids = &(ctx->decrypted_meta_e2i.sids);
|
||||
route_ctx = &(ctx->decrypted_meta_e2i.route_ctx);
|
||||
}
|
||||
else
|
||||
{
|
||||
sids = &ctx->raw_meta_e2i->sids;
|
||||
route_ctx = &ctx->raw_meta_e2i->route_ctx;
|
||||
sids = &(ctx->raw_meta_e2i.sids);
|
||||
route_ctx = &(ctx->raw_meta_e2i.route_ctx);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (meta->is_decrypted)
|
||||
{
|
||||
sids = &ctx->decrypted_meta_i2e->sids;
|
||||
route_ctx = &ctx->decrypted_meta_i2e->route_ctx;
|
||||
sids = &(ctx->decrypted_meta_i2e.sids);
|
||||
route_ctx = &(ctx->decrypted_meta_i2e.route_ctx);
|
||||
}
|
||||
else
|
||||
{
|
||||
sids = &ctx->raw_meta_i2e->sids;
|
||||
route_ctx = &ctx->raw_meta_i2e->route_ctx;
|
||||
sids = &(ctx->raw_meta_i2e.sids);
|
||||
route_ctx = &(ctx->raw_meta_i2e.route_ctx);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -491,6 +495,7 @@ static inline int send_packet_to_sf(struct session_ctx *session_ctx, marsio_buff
|
||||
char *buffer = NULL;
|
||||
struct packet_io *packet_io = thread_ctx->ref_io;
|
||||
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
||||
uint32_t rehash_index = session_ctx->ctrl_meta.rehash_index;
|
||||
|
||||
marsio_buff_ctrlzone_reset(mbuff);
|
||||
switch (sf->sf_connectivity.method)
|
||||
@@ -502,18 +507,18 @@ static inline int send_packet_to_sf(struct session_ctx *session_ctx, marsio_buff
|
||||
packet_io->config.dev_endpoint_l3_mac, sf->sf_dst_mac,
|
||||
packet_io->config.dev_endpoint_l3_ip, sf->sf_dst_ip, thread_ctx->tx_packets_ipid % 65535,
|
||||
session_ctx->vxlan_src_port, meta->raw_len,
|
||||
meta->is_e2i_dir, meta->is_decrypted, sf->sf_index);
|
||||
meta->direction, meta->is_decrypted, sf->sf_index);
|
||||
nsend = marsio_buff_datalen(mbuff);
|
||||
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &(session_ctx->ctrl_meta->rehash_index), sizeof(session_ctx->ctrl_meta->rehash_index));
|
||||
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &rehash_index, sizeof(rehash_index));
|
||||
marsio_send_burst(packet_io->dev_endpoint_l3.mr_path, thread_ctx->thread_index, &mbuff, 1);
|
||||
throughput_metrics_inc(&(thread_metrics->device.endpoint_vxlan_tx), 1, nsend);
|
||||
break;
|
||||
case ENCAPSULATE_METHOD_LAYER2_SWITCH:
|
||||
vlan_encapsulate(mbuff,
|
||||
meta->is_e2i_dir ? sf->sf_connectivity.ext_vlan_tag : sf->sf_connectivity.int_vlan_tag,
|
||||
meta->direction ? sf->sf_connectivity.ext_vlan_tag : sf->sf_connectivity.int_vlan_tag,
|
||||
packet_io->config.vlan_encapsulate_replace_orig_vlan_header);
|
||||
nsend = marsio_buff_datalen(mbuff);
|
||||
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &(session_ctx->ctrl_meta->rehash_index), sizeof(session_ctx->ctrl_meta->rehash_index));
|
||||
marsio_buff_set_metadata(mbuff, MR_BUFF_REHASH_INDEX, &rehash_index, sizeof(rehash_index));
|
||||
marsio_send_burst(packet_io->dev_endpoint_l2.mr_path, thread_ctx->thread_index, &mbuff, 1);
|
||||
throughput_metrics_inc(&(thread_metrics->device.endpoint_vlan_tx), 1, nsend);
|
||||
break;
|
||||
@@ -654,7 +659,7 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
|
||||
LOG_TAG_POLICY, session_ctx->session_id, session_ctx->session_addr,
|
||||
sf_index, chaining->chaining_used,
|
||||
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
|
||||
(meta->is_decrypted == 1 ? "decrypted" : "raw"), (meta->is_e2i_dir ? "E2I" : "I2E"), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc));
|
||||
(meta->is_decrypted ? "decrypted" : "raw"), (meta->direction ? "E2I" : "I2E"), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc));
|
||||
|
||||
switch (sf->sf_action)
|
||||
{
|
||||
@@ -714,13 +719,13 @@ static void action_sf_chaining(struct thread_ctx *thread_ctx, struct session_ctx
|
||||
* handle session status
|
||||
******************************************************************************/
|
||||
|
||||
static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_chainings *chainings, struct thread_ctx *thread_ctx)
|
||||
static int send_ctrl_packet(struct session_ctx *session_ctx, struct thread_ctx *thread_ctx)
|
||||
{
|
||||
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
||||
struct packet_io *packet_io = thread_ctx->ref_io;
|
||||
struct mutable_array *rule_ids = &session_ctx->rule_ids;
|
||||
struct selected_chaining *chaining_raw = chainings->chaining_raw;
|
||||
struct selected_chaining *chaining_decrypted = chainings->chaining_decrypted;
|
||||
struct selected_chaining *chaining_raw = session_ctx->chaining_raw;
|
||||
struct selected_chaining *chaining_decrypted = session_ctx->chaining_decrypted;
|
||||
int thread_index = thread_ctx->thread_index;
|
||||
int sc_rsp_raw_exist = 0;
|
||||
int sc_rsp_decrypted_exist = 0;
|
||||
@@ -831,11 +836,11 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_cha
|
||||
return 0;
|
||||
}
|
||||
|
||||
LOG_INFO("%s: session %lu %s send event log %ld bytes", LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr, size);
|
||||
LOG_INFO("%s: session %lu %s send event log %ld bytes", LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr, size);
|
||||
|
||||
marsio_buff_t *tx_buffs[1];
|
||||
char *packet_header_data = session_ctx->ctrl_meta->raw_data;
|
||||
int packet_header_len = session_ctx->ctrl_meta->l7offset;
|
||||
const char *packet_header_data = session_ctx->ctrl_packet_header_data;
|
||||
int packet_header_len = session_ctx->ctrl_packet_header_len;
|
||||
marsio_buff_malloc_global(packet_io->instance, tx_buffs, 1, 0, thread_index);
|
||||
char *dst = marsio_buff_append(tx_buffs[0], packet_header_len + size);
|
||||
memcpy(dst, packet_header_data, packet_header_len);
|
||||
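Review bot: `packet_header_len` used to come from `ctrl_meta->l7offset` and now comes from `session_ctx->ctrl_packet_header_len`, which the last hunk on this page fills with `meta->raw_len`, so the `memcpy` into `dst` appears to prepend the whole original control packet rather than only its headers. If only the headers are intended, duplicate just that part where the session is created: `session_ctx->ctrl_packet_header_data = memdup(meta->raw_data, meta->l7offset);` and `session_ctx->ctrl_packet_header_len = meta->l7offset;`. The result of `memdup` is not checked either, so if it can return NULL this `memcpy` reads from a null source; a guard such as `if (packet_header_data == NULL) return 0;` before `marsio_buff_malloc_global` would cover it. `send_ctrl_packet` starts and ends outside this hunk.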
@@ -847,7 +852,7 @@ static int send_ctrl_packet(struct session_ctx *session_ctx, struct selected_cha
|
||||
meta.is_ctrl_pkt = 1;
|
||||
meta.sids.num = 1;
|
||||
meta.sids.elems[0] = sce_ctx->firewall_sids;
|
||||
route_ctx_copy(&meta.route_ctx, &session_ctx->ctrl_meta->route_ctx);
|
||||
route_ctx_copy(&meta.route_ctx, &(session_ctx->ctrl_meta.route_ctx));
|
||||
mbuff_set_metadata(tx_buffs[0], &meta);
|
||||
int nsend = marsio_buff_datalen(tx_buffs[0]);
|
||||
marsio_send_burst(packet_io->dev_nf.mr_path, thread_index, tx_buffs, 1);
|
||||
@@ -864,7 +869,7 @@ static void send_event_log(struct session_ctx *session_ctx, struct thread_ctx *t
|
||||
|
||||
if (sce_ctx->enable_send_log)
|
||||
{
|
||||
nsend = send_ctrl_packet(session_ctx, &session_ctx->chainings, thread_ctx);
|
||||
nsend = send_ctrl_packet(session_ctx, thread_ctx);
|
||||
if (nsend > 0)
|
||||
{
|
||||
ATOMIC_INC(&(thread_metrics->sf_session.log));
|
||||
@@ -885,9 +890,9 @@ static void dump_sf_metrics(struct session_ctx *session_ctx, struct selected_cha
|
||||
{
|
||||
struct selected_sf *sf = &(chaining->chaining[i]);
|
||||
LOG_INFO("%s: session %lu %s metrics: policy %lu->%d->%d action %s->%s->%s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu",
|
||||
LOG_TAG_METRICS, session_ctx->session_id, session_ctx->session_addr,
|
||||
LOG_TAG_SFMETRICS, session_ctx->session_id, session_ctx->session_addr,
|
||||
sf->rule_id, sf->sff_profile_id, sf->sf_profile_id,
|
||||
traffic_type_to_string(sf->traffic_type), forward_type_to_string(sf->sff_forward_type), action_desc_to_string(sf->sf_action_desc),
|
||||
traffic_type_tostring(sf->traffic_type), forward_type_tostring(sf->sff_forward_type), action_desc_tostring(sf->sf_action_desc),
|
||||
sf->rx.n_pkts, sf->rx.n_bytes, sf->tx.n_pkts, sf->tx.n_bytes);
|
||||
}
|
||||
}
|
||||
@@ -898,7 +903,7 @@ static void session_value_free_cb(void *ctx)
|
||||
session_ctx_free(s_ctx);
|
||||
}
|
||||
|
||||
static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int is_e2i_dir, struct thread_ctx *thread_ctx)
|
||||
static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct control_packet *ctrl_pkt, packet *data_pkt, int direction, struct thread_ctx *thread_ctx)
|
||||
{
|
||||
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
|
||||
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
||||
@@ -912,12 +917,12 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
|
||||
}
|
||||
else
|
||||
{
|
||||
policy_enforce_select_chainings(enforcer, &session_ctx->chainings, session_ctx, data_pkt, rule_id, is_e2i_dir);
|
||||
policy_enforce_select_chainings(enforcer, session_ctx, data_pkt, rule_id, direction);
|
||||
|
||||
if (sce_ctx->enable_debug)
|
||||
{
|
||||
selected_chaining_bref(session_ctx->chainings.chaining_raw);
|
||||
selected_chaining_bref(session_ctx->chainings.chaining_decrypted);
|
||||
selected_chaining_bref(session_ctx->chaining_raw);
|
||||
selected_chaining_bref(session_ctx->chaining_decrypted);
|
||||
}
|
||||
|
||||
mutable_array_add_elem(&session_ctx->rule_ids, rule_id);
|
||||
@@ -925,51 +930,6 @@ static void handle_policy_mutil_hits(struct session_ctx *session_ctx, struct con
|
||||
}
|
||||
}
|
||||
|
||||
static void handle_session_opening(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
||||
{
|
||||
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
||||
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
|
||||
struct session_table *session_table = thread_ctx->session_table;
|
||||
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
||||
int chaining_size = policy_enforce_chaining_size(enforcer);
|
||||
|
||||
#if 0
|
||||
if (session_table_search_by_id(session_table, meta->session_id))
|
||||
{
|
||||
return ;
|
||||
}
|
||||
#endif
|
||||
|
||||
struct packet data_pkt;
|
||||
struct four_tuple inner_tuple4;
|
||||
const char *payload = packet_parse(&data_pkt, meta->raw_data, meta->raw_len);
|
||||
sce_packet_get_innermost_tuple(&data_pkt, &inner_tuple4);
|
||||
uint16_t real_offset = payload - meta->raw_data;
|
||||
if (real_offset != meta->l7offset)
|
||||
{
|
||||
char *addr_str = four_tuple_tostring(&inner_tuple4);
|
||||
LOG_ERROR("%s: incorrect dataoffset %d in the control zone of session %lu %s, the expect value is %d", LOG_TAG_PKTIO, meta->l7offset, meta->session_id, addr_str, real_offset);
|
||||
free(addr_str);
|
||||
}
|
||||
|
||||
struct session_ctx *session_ctx = session_ctx_new();
|
||||
session_ctx->session_id = meta->session_id;
|
||||
session_ctx->session_addr = sce_ctx->enable_debug ? four_tuple_tostring(&inner_tuple4) : NULL;
|
||||
session_ctx->vxlan_src_port = calculate_vxlan_source_port(&inner_tuple4);
|
||||
four_tuple_copy(&session_ctx->inner_tuple4, &inner_tuple4);
|
||||
metadata_deep_copy(session_ctx->ctrl_meta, meta);
|
||||
session_ctx->chainings.chaining_raw = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
||||
session_ctx->chainings.chaining_decrypted = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
||||
session_ctx->ref_thread_ctx = thread_ctx;
|
||||
|
||||
LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
|
||||
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx);
|
||||
send_event_log(session_ctx, thread_ctx);
|
||||
|
||||
session_table_insert(session_table, session_ctx->session_id, &session_ctx->inner_tuple4, session_ctx, session_value_free_cb);
|
||||
ATOMIC_INC(&(thread_metrics->sf_session.num));
|
||||
}
|
||||
|
||||
static void handle_session_closing(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
||||
{
|
||||
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
||||
@@ -981,11 +941,8 @@ static void handle_session_closing(struct metadata *meta, struct control_packet
|
||||
struct session_ctx *s_ctx = (struct session_ctx *)node->value;
|
||||
LOG_INFO("%s: session %lu %s closing", LOG_TAG_PKTIO, s_ctx->session_id, s_ctx->session_addr);
|
||||
|
||||
struct selected_chaining *chaining_raw = s_ctx->chainings.chaining_raw;
|
||||
dump_sf_metrics(s_ctx, chaining_raw);
|
||||
|
||||
struct selected_chaining *chaining_decrypted = s_ctx->chainings.chaining_decrypted;
|
||||
dump_sf_metrics(s_ctx, chaining_decrypted);
|
||||
dump_sf_metrics(s_ctx, s_ctx->chaining_raw);
|
||||
dump_sf_metrics(s_ctx, s_ctx->chaining_decrypted);
|
||||
|
||||
session_table_delete_by_id(session_table, meta->session_id);
|
||||
ATOMIC_DEC(&(thread_metrics->sf_session.num));
|
||||
@@ -995,6 +952,9 @@ static void handle_session_closing(struct metadata *meta, struct control_packet
|
||||
static void handle_session_active(struct metadata *meta, struct control_packet *ctrl_pkt, struct thread_ctx *thread_ctx)
|
||||
{
|
||||
struct session_table *session_table = thread_ctx->session_table;
|
||||
struct thread_metrics *thread_metrics = &thread_ctx->thread_metrics;
|
||||
struct policy_enforcer *enforcer = thread_ctx->ref_enforcer;
|
||||
struct sce_ctx *sce_ctx = thread_ctx->ref_sce_ctx;
|
||||
|
||||
struct session_node *node = session_table_search_by_id(session_table, meta->session_id);
|
||||
if (node)
|
||||
@@ -1010,12 +970,42 @@ static void handle_session_active(struct metadata *meta, struct control_packet *
|
||||
}
|
||||
|
||||
LOG_INFO("%s: session %lu %s active again", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
|
||||
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->is_e2i_dir, thread_ctx);
|
||||
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->direction, thread_ctx);
|
||||
send_event_log(session_ctx, thread_ctx);
|
||||
}
|
||||
else
|
||||
{
|
||||
handle_session_opening(meta, ctrl_pkt, thread_ctx);
|
||||
struct packet data_pkt;
|
||||
struct four_tuple inner_tuple4;
|
||||
const char *payload = packet_parse(&data_pkt, meta->raw_data, meta->raw_len);
|
||||
sce_packet_get_innermost_tuple(&data_pkt, &inner_tuple4);
|
||||
uint16_t real_offset = payload - meta->raw_data;
|
||||
if (real_offset != meta->l7offset)
|
||||
{
|
||||
char *addr_str = four_tuple_tostring(&inner_tuple4);
|
||||
LOG_ERROR("%s: incorrect dataoffset %d in the control zone of session %lu %s, the expect value is %d", LOG_TAG_PKTIO, meta->l7offset, meta->session_id, addr_str, real_offset);
|
||||
free(addr_str);
|
||||
}
|
||||
|
||||
int chaining_size = policy_enforce_chaining_size(enforcer);
|
||||
struct session_ctx *session_ctx = session_ctx_new();
|
||||
session_ctx->session_id = meta->session_id;
|
||||
session_ctx->session_addr = sce_ctx->enable_debug ? four_tuple_tostring(&inner_tuple4) : NULL;
|
||||
session_ctx->vxlan_src_port = calculate_vxlan_source_port(&inner_tuple4);
|
||||
four_tuple_copy(&session_ctx->inner_tuple4, &inner_tuple4);
|
||||
metadata_copy(&session_ctx->ctrl_meta, meta);
|
||||
session_ctx->ctrl_packet_header_data = memdup(meta->raw_data, meta->raw_len);
|
||||
session_ctx->ctrl_packet_header_len = meta->raw_len;
|
||||
session_ctx->chaining_raw = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
||||
session_ctx->chaining_decrypted = selected_chaining_create(chaining_size, session_ctx->session_id, session_ctx->session_addr);
|
||||
session_ctx->ref_thread_ctx = thread_ctx;
|
||||
|
||||
LOG_INFO("%s: session %lu %s active first", LOG_TAG_PKTIO, session_ctx->session_id, session_ctx->session_addr);
|
||||
handle_policy_mutil_hits(session_ctx, ctrl_pkt, &data_pkt, meta->direction, thread_ctx);
|
||||
send_event_log(session_ctx, thread_ctx);
|
||||
|
||||
session_table_insert(session_table, session_ctx->session_id, &session_ctx->inner_tuple4, session_ctx, session_value_free_cb);
|
||||
ATOMIC_INC(&(thread_metrics->sf_session.num));
|
||||
}
|
||||
}
|
||||
|
||||
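Review bot: The new `else` branch uses the result of `packet_parse()` unchecked: `uint16_t real_offset = payload - meta->raw_data;` subtracts whatever pointer comes back and narrows the difference to 16 bits, so a failed parse or a large offset would be compared against `meta->l7offset` with a wrapped value. If packet_parse reports failure with NULL, a guard such as `if (payload == NULL) return;` belongs ahead of the subtraction. When the two offsets disagree the code only logs and still creates and inserts the session; if that is intentional it deserves a comment, otherwise the branch should return before `session_ctx_new()`. Separately, `session_addr` is NULL when `enable_debug` is off and is then passed to `%s` in the "active first" `LOG_INFO`, which is undefined for printf-style formatting unless the logger guards it. handle_session_active begins in the previous hunk, so only the tail of the function is visible here.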
@@ -1140,11 +1130,11 @@ static void handle_data_packet(marsio_buff_t *rx_buff, struct thread_ctx *thread
|
||||
|
||||
if (meta.is_decrypted == 1)
|
||||
{
|
||||
chaining = session_ctx->chainings.chaining_decrypted;
|
||||
chaining = session_ctx->chaining_decrypted;
|
||||
}
|
||||
else
|
||||
{
|
||||
chaining = session_ctx->chainings.chaining_raw;
|
||||
chaining = session_ctx->chaining_raw;
|
||||
}
|
||||
if (chaining == NULL)
|
||||
{
|
||||
@@ -1185,7 +1175,7 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
|
||||
meta.l7offset = 0;
|
||||
meta.is_ctrl_pkt = 0;
|
||||
sf_index = vxlan_get_opt(vxlan_hdr, VNI_OPT_SFINDEX);
|
||||
meta.is_e2i_dir = vxlan_get_opt(vxlan_hdr, VNI_OPT_DIR);
|
||||
meta.direction = vxlan_get_opt(vxlan_hdr, VNI_OPT_DIR);
|
||||
meta.is_decrypted = vxlan_get_opt(vxlan_hdr, VNI_OPT_TRAFFIC);
|
||||
|
||||
session_ctx = inject_packet_search_session(session_table, meta.raw_data, meta.raw_len);
|
||||
@@ -1198,11 +1188,11 @@ static void handle_inject_vxlan_packet(marsio_buff_t *rx_buff, struct thread_ctx
|
||||
|
||||
if (meta.is_decrypted == 1)
|
||||
{
|
||||
chaining = session_ctx->chainings.chaining_decrypted;
|
||||
chaining = session_ctx->chaining_decrypted;
|
||||
}
|
||||
else
|
||||
{
|
||||
chaining = session_ctx->chainings.chaining_raw;
|
||||
chaining = session_ctx->chaining_raw;
|
||||
}
|
||||
|
||||
if (chaining == NULL || sf_index < 0 || sf_index >= chaining->chaining_used)
|
||||
|
||||
@@ -374,7 +374,7 @@ static void chaining_param_new_cb(const char *table_name, int table_id, const ch
|
||||
LOG_ERROR("%s: unexpected chaining rule: (invalid targeted_traffic param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_to_string(param->traffic_type));
|
||||
LOG_DEBUG("%s: parse chaining rule: %lu, targeted_traffic: %s", LOG_TAG_POLICY, param->rule_id, traffic_type_tostring(param->traffic_type));
|
||||
|
||||
// sff_profiles
|
||||
item = cJSON_GetObjectItem(json, "sff_profiles");
|
||||
@@ -515,7 +515,7 @@ static void sff_param_new_cb(const char *table_name, int table_id, const char *k
|
||||
LOG_ERROR("%s: unexpected sff profile: (invalid type param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
LOG_DEBUG("%s: parse sff profile: %d, type: %s", LOG_TAG_POLICY, param->sff_profile_id, forward_type_to_string(param->sff_forward_type));
|
||||
LOG_DEBUG("%s: parse sff profile: %d, type: %s", LOG_TAG_POLICY, param->sff_profile_id, forward_type_tostring(param->sff_forward_type));
|
||||
|
||||
// load_balance_method
|
||||
if (0 == strcasecmp(load_balance_method, "hash-int-ip"))
|
||||
@@ -820,7 +820,7 @@ static void sf_param_new_cb(const char *table_name, int table_id, const char *ke
|
||||
LOG_ERROR("%s: unexpected sf profile: (invalid connectivity->method param) %s", LOG_TAG_POLICY, table_line);
|
||||
goto error_out;
|
||||
}
|
||||
LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, encapsulate_method_to_string(param->sf_connectivity.method));
|
||||
LOG_DEBUG("%s: parse sf profile: %d, connectivity->method: %s", LOG_TAG_POLICY, param->sf_profile_id, encapsulate_method_tostring(param->sf_connectivity.method));
|
||||
|
||||
if (param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER2_SWITCH || param->sf_connectivity.method == ENCAPSULATE_METHOD_LAYER3_SWITCH)
|
||||
{
|
||||
@@ -1264,7 +1264,7 @@ static void select_sf_from_sff(struct policy_enforcer *enforcer, struct sff_para
|
||||
* Public API -- Utils
|
||||
******************************************************************************/
|
||||
|
||||
const char *traffic_type_to_string(enum traffic_type traffic_type)
|
||||
const char *traffic_type_tostring(enum traffic_type traffic_type)
|
||||
{
|
||||
switch (traffic_type)
|
||||
{
|
||||
@@ -1279,7 +1279,7 @@ const char *traffic_type_to_string(enum traffic_type traffic_type)
|
||||
}
|
||||
}
|
||||
|
||||
const char *forward_type_to_string(enum forward_type forward_type)
|
||||
const char *forward_type_tostring(enum forward_type forward_type)
|
||||
{
|
||||
switch (forward_type)
|
||||
{
|
||||
@@ -1294,7 +1294,7 @@ const char *forward_type_to_string(enum forward_type forward_type)
|
||||
}
|
||||
}
|
||||
|
||||
const char *action_desc_to_string(enum action_desc action_desc)
|
||||
const char *action_desc_tostring(enum action_desc action_desc)
|
||||
{
|
||||
switch (action_desc)
|
||||
{
|
||||
@@ -1319,7 +1319,7 @@ const char *action_desc_to_string(enum action_desc action_desc)
|
||||
}
|
||||
}
|
||||
|
||||
const char *encapsulate_method_to_string(enum encapsulate_method encap_method)
|
||||
const char *encapsulate_method_tostring(enum encapsulate_method encap_method)
|
||||
{
|
||||
switch (encap_method)
|
||||
{
|
||||
@@ -1344,11 +1344,11 @@ const char *encapsulate_method_to_string(enum encapsulate_method encap_method)
|
||||
// return !NULL : success
|
||||
struct selected_chaining *selected_chaining_create(int chaining_size, uint64_t session_id, char *session_addr)
|
||||
{
|
||||
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining));
|
||||
struct selected_chaining *chaining = (struct selected_chaining *)calloc(1, sizeof(struct selected_chaining) + chaining_size * sizeof(struct selected_sf));
|
||||
assert(chaining);
|
||||
chaining->chaining_used = 0;
|
||||
chaining->chaining_size = chaining_size;
|
||||
chaining->chaining = (struct selected_sf *)calloc(chaining->chaining_size, sizeof(struct selected_sf));
|
||||
chaining->chaining = (struct selected_sf *)(chaining + 1);
|
||||
assert(chaining->chaining);
|
||||
|
||||
chaining->session_id = session_id;
|
||||
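Review bot: The combined allocation size `sizeof(struct selected_chaining) + chaining_size * sizeof(struct selected_sf)` is computed from an `int` that is never range-checked, so a negative or very large `chaining_size` converts to a wrapped `size_t` and the array behind the header ends up smaller than `chaining->chaining_size` claims. `assert(chaining)` is the only allocation check and disappears under `NDEBUG`, while `assert(chaining->chaining)` can no longer fail now that the pointer is `chaining + 1`. I would add `if (chaining_size < 0 || (size_t)chaining_size > (SIZE_MAX - sizeof(struct selected_chaining)) / sizeof(struct selected_sf)) return NULL;` before the `calloc`, test the result with a plain `if`, and drop the second assert. A one-line comment that `chaining->chaining` points into the same block and must never be freed on its own would protect the simplified selected_chaining_destory from a later regression. The function body continues past this hunk.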
@@ -1361,11 +1361,6 @@ void selected_chaining_destory(struct selected_chaining *chaining)
|
||||
{
|
||||
if (chaining)
|
||||
{
|
||||
if (chaining->chaining)
|
||||
{
|
||||
free(chaining->chaining);
|
||||
chaining->chaining = NULL;
|
||||
}
|
||||
free(chaining);
|
||||
chaining = NULL;
|
||||
}
|
||||
@@ -1386,14 +1381,14 @@ void selected_chaining_dump(struct selected_chaining *chaining)
|
||||
{
|
||||
struct selected_sf *node = &(chaining->chaining[i]);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->rule_id : %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->rule_id);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_to_string(node->traffic_type));
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->traffic_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, traffic_type_tostring(node->traffic_type));
|
||||
// sff
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sff_profile_id);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, forward_type_to_string(node->sff_forward_type));
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sff_forward_type : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, forward_type_tostring(node->sff_forward_type));
|
||||
// sf
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_profile_id : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_profile_id);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action_desc : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, action_desc_to_string(node->sf_action_desc));
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->encapsulate_method : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, encapsulate_method_to_string(node->sf_connectivity.method));
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_action_desc : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, action_desc_tostring(node->sf_action_desc));
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->encapsulate_method : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, encapsulate_method_tostring(node->sf_connectivity.method));
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->int_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.int_vlan_tag);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->ext_vlan_tag : %d", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.ext_vlan_tag);
|
||||
LOG_DEBUG("%s: session %lu %s selected_chaining->node[%d]->sf_connectivity->dest_ip : %s", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, i, node->sf_connectivity.dest_ip);
|
||||
@@ -1423,7 +1418,7 @@ void selected_chaining_bref(struct selected_chaining *chaining)
|
||||
buff_used += snprintf(buff + buff_used, buff_size - buff_used,
|
||||
"\"node[%d]\":{\"policy\":\"%lu->%d->%d\",\"action\":\"%s->%s->%s\"}",
|
||||
i, node->rule_id, node->sff_profile_id, node->sf_profile_id,
|
||||
traffic_type_to_string(node->traffic_type), forward_type_to_string(node->sff_forward_type), action_desc_to_string(node->sf_action_desc));
|
||||
traffic_type_tostring(node->traffic_type), forward_type_tostring(node->sff_forward_type), action_desc_tostring(node->sf_action_desc));
|
||||
}
|
||||
}
|
||||
LOG_INFO("%s: session %lu %s selected_chaining_bref: %s}", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, buff);
|
||||
@@ -1473,7 +1468,7 @@ void selected_chaining_uniq(struct selected_chaining *chaining)
|
||||
|
||||
// return NULL : error
|
||||
// return !NULL : success
|
||||
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num, void *logger)
|
||||
struct policy_enforcer *policy_enforcer_create(const char *instance, const char *profile, int thread_num)
|
||||
{
|
||||
int ret = 0;
|
||||
int redis_port_begin = 0;
|
||||
@@ -1671,7 +1666,7 @@ int policy_enforce_chaining_size(struct policy_enforcer *enforcer)
|
||||
return enforcer->config.max_chaining_size;
|
||||
}
|
||||
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct selected_chainings *chainings, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int dir_is_i2e)
|
||||
void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct session_ctx *s_ctx, struct packet *data_pkt, uint64_t rule_id, int direction)
|
||||
{
|
||||
int sff_profile_id;
|
||||
struct selected_chaining *chaining = NULL;
|
||||
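Review bot: `direction` is a bare `int` with no statement at this definition of which value means which, and the names it replaces disagree: the parameter was `dir_is_i2e`, while the packet path on this page supplied a field called `is_e2i_dir`. The neutral name hides that mismatch instead of resolving it, so the encoding should be documented here, for example `// direction: 1 = E2I, 0 = I2E` if the old field name reflects the real meaning. The tests still pass a literal `1` from a variable that used to be called `dir_is_i2e`, which is worth re-checking against whichever encoding is confirmed. The function body continues outside this hunk.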
@@ -1684,13 +1679,13 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
||||
|
||||
if (chaining_param->traffic_type == TRAFFIC_TYPE_RAW)
|
||||
{
|
||||
chaining = chainings->chaining_raw;
|
||||
chaining = s_ctx->chaining_raw;
|
||||
}
|
||||
else
|
||||
{
|
||||
chaining = chainings->chaining_decrypted;
|
||||
chaining = s_ctx->chaining_decrypted;
|
||||
}
|
||||
LOG_INFO("%s: session %lu %s enforce %s chaining: rule_id %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_to_string(chaining_param->traffic_type), rule_id);
|
||||
LOG_INFO("%s: session %lu %s enforce %s chaining: rule_id %lu", LOG_TAG_POLICY, chaining->session_id, chaining->session_addr, traffic_type_tostring(chaining_param->traffic_type), rule_id);
|
||||
|
||||
for (int i = 0; i < chaining_param->sff_profile_ids_num && chaining->chaining_used < chaining->chaining_size; i++)
|
||||
{
|
||||
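Review bot: `chaining` is dereferenced in the `LOG_INFO` immediately after being read from `s_ctx->chaining_raw` or `s_ctx->chaining_decrypted`, with no NULL check, whereas handle_data_packet tests `chaining == NULL` after the same selection. The tests on this page assign only `s_ctx.chaining_raw`, so a rule whose traffic type is not raw would presumably reach `chaining->session_id` through an unset pointer there. A guard before the log line, for instance `if (chaining == NULL)` followed by an error log and the function's normal cleanup, would make this safe for partially initialised sessions. The surrounding code that fetches `chaining_param` starts outside this hunk, so the exact cleanup path has to be taken from there.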
@@ -1717,14 +1712,14 @@ void policy_enforce_select_chainings(struct policy_enforcer *enforcer, struct se
|
||||
// sf_index
|
||||
selected_sf->sf_index = chaining->chaining_used;
|
||||
|
||||
uint64_t packet_hash = packet_get_hash(data_pkt, sff_param->sff_ldbc.method, dir_is_i2e);
|
||||
uint64_t packet_hash = packet_get_hash(data_pkt, sff_param->sff_ldbc.method, direction);
|
||||
select_sf_from_sff(enforcer, sff_param, selected_sf, s_ctx, packet_hash);
|
||||
|
||||
LOG_INFO("%s: session %lu %s enforce chaining [%d/%d]: policy: %lu->%d->%d, action: %s->%s->%s",
|
||||
LOG_TAG_POLICY, chaining->session_id, chaining->session_addr,
|
||||
selected_sf->sf_index, chaining->chaining_size,
|
||||
selected_sf->rule_id, selected_sf->sff_profile_id, selected_sf->sf_profile_id,
|
||||
traffic_type_to_string(chaining_param->traffic_type), forward_type_to_string(selected_sf->sff_forward_type), action_desc_to_string(selected_sf->sf_action_desc));
|
||||
traffic_type_tostring(chaining_param->traffic_type), forward_type_tostring(selected_sf->sff_forward_type), action_desc_tostring(selected_sf->sf_action_desc));
|
||||
|
||||
chaining->chaining_used++;
|
||||
sff_param_free(sff_param);
|
||||
|
||||
@@ -9,14 +9,7 @@
|
||||
* Struct Metadata
|
||||
******************************************************************************/
|
||||
|
||||
struct metadata *metadata_new()
|
||||
{
|
||||
struct metadata *meta = (struct metadata *)calloc(1, sizeof(struct metadata));
|
||||
|
||||
return meta;
|
||||
}
|
||||
|
||||
int metadata_is_empty(struct metadata *meta)
|
||||
int metadata_isempty(struct metadata *meta)
|
||||
{
|
||||
if (meta->write_ref == 0)
|
||||
{
|
||||
@@ -28,7 +21,7 @@ int metadata_is_empty(struct metadata *meta)
|
||||
}
|
||||
}
|
||||
|
||||
void metadata_shallow_copy(struct metadata *dst, struct metadata *src)
|
||||
void metadata_copy(struct metadata *dst, struct metadata *src)
|
||||
{
|
||||
dst->write_ref++;
|
||||
dst->session_id = src->session_id;
|
||||
@@ -36,7 +29,7 @@ void metadata_shallow_copy(struct metadata *dst, struct metadata *src)
|
||||
dst->raw_data = NULL;
|
||||
dst->raw_len = 0;
|
||||
dst->l7offset = src->l7offset;
|
||||
dst->is_e2i_dir = src->is_e2i_dir;
|
||||
dst->direction = src->direction;
|
||||
dst->is_ctrl_pkt = src->is_ctrl_pkt;
|
||||
dst->is_decrypted = src->is_decrypted;
|
||||
|
||||
@@ -44,28 +37,16 @@ void metadata_shallow_copy(struct metadata *dst, struct metadata *src)
|
||||
route_ctx_copy(&dst->route_ctx, &src->route_ctx);
|
||||
}
|
||||
|
||||
void metadata_deep_copy(struct metadata *dst, struct metadata *src)
|
||||
char *memdup(const char *src, int len)
|
||||
{
|
||||
metadata_shallow_copy(dst, src);
|
||||
|
||||
dst->raw_data = (char *)calloc(src->raw_len + 1, sizeof(char));
|
||||
memcpy(dst->raw_data, src->raw_data, src->raw_len);
|
||||
dst->raw_len = src->raw_len;
|
||||
}
|
||||
|
||||
void metadata_free(struct metadata *meta)
|
||||
{
|
||||
if (meta)
|
||||
if (src == NULL || len == 0)
|
||||
{
|
||||
if (meta->raw_data)
|
||||
{
|
||||
free(meta->raw_data);
|
||||
meta->raw_data = NULL;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
free(meta);
|
||||
meta = NULL;
|
||||
}
|
||||
char *dst = (char *)calloc(len + 1, sizeof(char));
|
||||
memcpy(dst, src, len);
|
||||
return dst;
|
||||
}
|
||||
|
||||
/******************************************************************************
|
||||
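Review bot: `memdup` rejects `len == 0` but not a negative `len`, and it copies into the `calloc` result without checking it. With `len == -1` the allocation size is 0 and `memcpy` is asked for `(size_t)-1` bytes; any other negative value asks `calloc` for an enormous block and the copy then writes through NULL. I would change the guard to `if (src == NULL || len <= 0)` and add `if (dst == NULL) return NULL;` before the `memcpy`; a `size_t len` parameter would remove the sign problem entirely if callers allow it. The caller in handle_session_active stores `meta->raw_len` as `ctrl_packet_header_len` whether or not this returned NULL, so the pointer and the length can disagree.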
@@ -78,13 +59,6 @@ struct session_ctx *session_ctx_new()
|
||||
assert(session_ctx != NULL);
|
||||
|
||||
mutable_array_init(&session_ctx->rule_ids);
|
||||
|
||||
session_ctx->decrypted_meta_i2e = metadata_new();
|
||||
session_ctx->decrypted_meta_e2i = metadata_new();
|
||||
session_ctx->raw_meta_i2e = metadata_new();
|
||||
session_ctx->raw_meta_e2i = metadata_new();
|
||||
session_ctx->ctrl_meta = metadata_new();
|
||||
|
||||
return session_ctx;
|
||||
}
|
||||
|
||||
@@ -98,46 +72,22 @@ void session_ctx_free(struct session_ctx *session_ctx)
|
||||
session_ctx->session_addr = NULL;
|
||||
}
|
||||
|
||||
if (session_ctx->decrypted_meta_i2e)
|
||||
if (session_ctx->ctrl_packet_header_data)
|
||||
{
|
||||
metadata_free(session_ctx->decrypted_meta_i2e);
|
||||
session_ctx->decrypted_meta_i2e = NULL;
|
||||
free(session_ctx->ctrl_packet_header_data);
|
||||
session_ctx->ctrl_packet_header_data = NULL;
|
||||
}
|
||||
|
||||
if (session_ctx->decrypted_meta_e2i)
|
||||
if (session_ctx->chaining_raw)
|
||||
{
|
||||
metadata_free(session_ctx->decrypted_meta_e2i);
|
||||
session_ctx->decrypted_meta_e2i = NULL;
|
||||
selected_chaining_destory(session_ctx->chaining_raw);
|
||||
session_ctx->chaining_raw = NULL;
|
||||
}
|
||||
|
||||
if (session_ctx->raw_meta_i2e)
|
||||
if (session_ctx->chaining_decrypted)
|
||||
{
|
||||
metadata_free(session_ctx->raw_meta_i2e);
|
||||
session_ctx->raw_meta_i2e = NULL;
|
||||
}
|
||||
|
||||
if (session_ctx->raw_meta_e2i)
|
||||
{
|
||||
metadata_free(session_ctx->raw_meta_e2i);
|
||||
session_ctx->raw_meta_e2i = NULL;
|
||||
}
|
||||
|
||||
if (session_ctx->ctrl_meta)
|
||||
{
|
||||
metadata_free(session_ctx->ctrl_meta);
|
||||
session_ctx->ctrl_meta = NULL;
|
||||
}
|
||||
|
||||
if (session_ctx->chainings.chaining_raw)
|
||||
{
|
||||
selected_chaining_destory(session_ctx->chainings.chaining_raw);
|
||||
session_ctx->chainings.chaining_raw = NULL;
|
||||
}
|
||||
|
||||
if (session_ctx->chainings.chaining_decrypted)
|
||||
{
|
||||
selected_chaining_destory(session_ctx->chainings.chaining_decrypted);
|
||||
session_ctx->chainings.chaining_decrypted = NULL;
|
||||
selected_chaining_destory(session_ctx->chaining_decrypted);
|
||||
session_ctx->chaining_decrypted = NULL;
|
||||
}
|
||||
|
||||
free(session_ctx);
|
||||
@@ -175,7 +125,7 @@ struct sce_ctx *sce_ctx_create(const char *profile)
|
||||
goto error_out;
|
||||
}
|
||||
|
||||
sce_ctx->enforcer = policy_enforcer_create("SCE", profile, sce_ctx->nr_worker_threads, NULL);
|
||||
sce_ctx->enforcer = policy_enforcer_create("SCE", profile, sce_ctx->nr_worker_threads);
|
||||
if (sce_ctx->enforcer == NULL)
|
||||
{
|
||||
goto error_out;
|
||||
|
||||
@@ -88,7 +88,7 @@ struct sf_metrics *sf_metrics_create(const char *profile)
|
||||
handle->htable_elem_count = 0;
|
||||
if (handle->sockfd == -1)
|
||||
{
|
||||
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SF_METRICS, handle->telegraf_bind_address, handle->telegraf_listen_port, errno, strerror(errno));
|
||||
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SFMETRICS, handle->telegraf_bind_address, handle->telegraf_listen_port, errno, strerror(errno));
|
||||
sf_metrics_destory(handle);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -46,10 +46,10 @@ static void sf_status_parse_config(const char *profile, struct sf_status_config
|
||||
MESA_load_profile_int_def(profile, "METRICS", "telegraf_listen_port", &(config->telegraf_listen_port), 8300);
|
||||
MESA_load_profile_string_def(profile, "METRICS", "telegraf_bind_address", config->telegraf_bind_address, sizeof(config->telegraf_bind_address), "127.0.0.1");
|
||||
|
||||
LOG_DEBUG("%s: METRICS->enable : %d", LOG_TAG_SF_STATUS, config->enable);
|
||||
LOG_DEBUG("%s: METRICS->interval_s : %d", LOG_TAG_SF_STATUS, config->interval_s);
|
||||
LOG_DEBUG("%s: METRICS->telegraf_listen_port : %d", LOG_TAG_SF_STATUS, config->telegraf_listen_port);
|
||||
LOG_DEBUG("%s: METRICS->telegraf_bind_address : %s", LOG_TAG_SF_STATUS, config->telegraf_bind_address);
|
||||
LOG_DEBUG("%s: METRICS->enable : %d", LOG_TAG_SFSTATUS, config->enable);
|
||||
LOG_DEBUG("%s: METRICS->interval_s : %d", LOG_TAG_SFSTATUS, config->interval_s);
|
||||
LOG_DEBUG("%s: METRICS->telegraf_listen_port : %d", LOG_TAG_SFSTATUS, config->telegraf_listen_port);
|
||||
LOG_DEBUG("%s: METRICS->telegraf_bind_address : %s", LOG_TAG_SFSTATUS, config->telegraf_bind_address);
|
||||
}
|
||||
|
||||
void sf_status_destory(struct sf_status *handle)
|
||||
@@ -95,7 +95,7 @@ struct sf_status *sf_status_create(const char *profile)
|
||||
handle->htable_elem_count = 0;
|
||||
if (handle->sockfd == -1)
|
||||
{
|
||||
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SF_STATUS, handle->config.telegraf_bind_address, handle->config.telegraf_listen_port, errno, strerror(errno));
|
||||
LOG_ERROR("%s: failed to create udp sockfd %s:%d, errno: %d, %s", LOG_TAG_SFSTATUS, handle->config.telegraf_bind_address, handle->config.telegraf_listen_port, errno, strerror(errno));
|
||||
sf_status_destory(handle);
|
||||
return NULL;
|
||||
}
|
||||
@@ -110,7 +110,7 @@ void sf_status_reset(struct sf_status *handle)
|
||||
return;
|
||||
}
|
||||
|
||||
LOG_DEBUG("%s: reset: elem_num %lu", LOG_TAG_SF_STATUS, handle->htable_elem_count);
|
||||
LOG_DEBUG("%s: reset: elem_num %lu", LOG_TAG_SFSTATUS, handle->htable_elem_count);
|
||||
|
||||
struct node *temp = NULL;
|
||||
struct node *node = NULL;
|
||||
@@ -136,14 +136,14 @@ void sf_status_delete(struct sf_status *handle, int sf_profile_id)
|
||||
if (temp)
|
||||
{
|
||||
handle->htable_elem_count--;
|
||||
LOG_DEBUG("%s: delete: sf_profile %d success, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, handle->htable_elem_count);
|
||||
LOG_DEBUG("%s: delete: sf_profile %d success, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, handle->htable_elem_count);
|
||||
HASH_DELETE(hh, handle->htable, temp);
|
||||
free(temp);
|
||||
temp = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
LOG_DEBUG("%s: delete: sf_profile %d not exists, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, handle->htable_elem_count);
|
||||
LOG_DEBUG("%s: delete: sf_profile %d not exists, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, handle->htable_elem_count);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -160,7 +160,7 @@ void sf_status_update(struct sf_status *handle, int sf_vsys_id, int sf_profile_i
|
||||
{
|
||||
if (temp->sf_status != sf_status)
|
||||
{
|
||||
LOG_DEBUG("%s: update: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
||||
LOG_DEBUG("%s: update: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
||||
}
|
||||
temp->sf_vsys_id = sf_vsys_id;
|
||||
temp->sf_profile_id = sf_profile_id;
|
||||
@@ -170,7 +170,7 @@ void sf_status_update(struct sf_status *handle, int sf_vsys_id, int sf_profile_i
|
||||
else
|
||||
{
|
||||
handle->htable_elem_count++;
|
||||
LOG_DEBUG("%s: insert: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SF_STATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
||||
LOG_DEBUG("%s: insert: sf_profile %d status %d success, elem_num %lu", LOG_TAG_SFSTATUS, sf_profile_id, sf_status, handle->htable_elem_count);
|
||||
temp = (struct node *)calloc(1, sizeof(struct node));
|
||||
temp->sf_vsys_id = sf_vsys_id;
|
||||
temp->sf_profile_id = sf_profile_id;
|
||||
|
||||
@@ -178,31 +178,30 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
||||
int direction = 1;
|
||||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 1);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
selected_chaining_dump(s_ctx.chaining_raw);
|
||||
selected_chaining_bref(s_ctx.chaining_raw);
|
||||
selected_chaining_destory(s_ctx.chaining_raw);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
@@ -231,14 +230,13 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
||||
int direction = 1;
|
||||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||||
@@ -274,29 +272,29 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 2);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
selected_chaining_dump(s_ctx.chaining_raw);
|
||||
selected_chaining_bref(s_ctx.chaining_raw);
|
||||
selected_chaining_destory(s_ctx.chaining_raw);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
@@ -325,15 +323,14 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
||||
int direction = 1;
|
||||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||||
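Review bot: `int direction = 1;` replaces `int dir_is_i2e = 1;` with the same literal, which looks like a silent flip of the direction these tests feed to `policy_enforce_select_chainings`. Elsewhere in this commit `meta.is_e2i_dir = 0` becomes `meta.direction = 0`, which suggests 1 now means E2I, whereas the old name here said 1 was I2E. If the enforcer follows that convention, either pass `int direction = 0; // I2E, as before the rename` or add a comment stating that E2I is intended. Every expectation is unchanged, so the selected chaining may not depend on direction in these cases at all; an explicit case per direction would pin that down for the policy path. The same line recurs in the hunks for POLICY_ENFORCER_DECRYPTED_TRAFFIC1, POLICY_ENFORCER_DECRYPTED_TRAFFIC2, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS and POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS, and the TEST body starts and ends outside this hunk.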
@@ -373,29 +370,29 @@ TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
selected_chaining_dump(s_ctx.chaining_raw);
|
||||
selected_chaining_bref(s_ctx.chaining_raw);
|
||||
selected_chaining_destory(s_ctx.chaining_raw);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
@@ -424,14 +421,13 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
||||
int direction = 1;
|
||||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||||
@@ -439,17 +435,17 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 1);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
@@ -478,14 +474,13 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
||||
int direction = 1;
|
||||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||||
@@ -522,29 +517,29 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 12);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
@@ -573,15 +568,14 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
||||
int direction = 1;
|
||||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||||
@@ -621,29 +615,29 @@ TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||||
*/
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
@@ -672,20 +666,19 @@ TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
|
||||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||||
|
||||
const char *profile = "./test_resource/sce.conf";
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8, NULL);
|
||||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||||
EXPECT_TRUE(enforcer != nullptr);
|
||||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||||
|
||||
int dir_is_i2e = 1;
|
||||
struct selected_chainings chainings;
|
||||
chainings.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
chainings.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
int direction = 1;
|
||||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||||
// raw traffic multi hits
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 1, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 2, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||||
// decrypted traffic multi hits
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 11, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &chainings, &s_ctx, &handler, 12, dir_is_i2e);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||||
|
||||
/*
|
||||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||||
@@ -769,54 +762,54 @@ TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
|
||||
*/
|
||||
|
||||
// raw traffic
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining_used == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_raw);
|
||||
selected_chaining_bref(chainings.chaining_raw);
|
||||
selected_chaining_destory(chainings.chaining_raw);
|
||||
selected_chaining_dump(s_ctx.chaining_raw);
|
||||
selected_chaining_bref(s_ctx.chaining_raw);
|
||||
selected_chaining_destory(s_ctx.chaining_raw);
|
||||
|
||||
// decrypted traffic
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining_used == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(chainings.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||||
|
||||
selected_chaining_dump(chainings.chaining_decrypted);
|
||||
selected_chaining_bref(chainings.chaining_decrypted);
|
||||
selected_chaining_destory(chainings.chaining_decrypted);
|
||||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||||
|
||||
printf("Before Sleep\n");
|
||||
sleep(1);
|
||||
|
||||
@@ -34,7 +34,7 @@ extern marsio_buff_t *marsio_mbuff_dup(marsio_buff_t *m);
|
||||
meta.raw_data = NULL; \
|
||||
meta.raw_len = 0; \
|
||||
meta.l7offset = offset; \
|
||||
meta.is_e2i_dir = 0; \
|
||||
meta.direction = 0; \
|
||||
meta.is_ctrl_pkt = is_ctrl; \
|
||||
meta.is_decrypted = is_decrypt; \
|
||||
memset(&meta.sids.elems, 1, sizeof(meta.sids.elems)); \
|
||||
|
||||