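#include <gtest/gtest.h> // GoogleTest: TEST / EXPECT_* / ASSERT_* (header name restored after the bare "#include")

#include <stdio.h>  // printf
#include <unistd.h> // sleep

#include "sce.h"
#include "policy.h"
#include "packet.h"
#include "global_metrics.h"

/*
 * Test frame fed to packet_parse() by every policy-enforcer test below.
 * Layout, as read from the bytes:
 *   0..13   Ethernet header, EtherType 0x8100
 *   14..21  two 802.1Q tags, ending in EtherType 0x0800 (IPv4)
 *   22..41  outer IPv4 header, protocol 0x04 (IPv4-in-IPv4)
 *   42..61  inner IPv4 header, protocol 0x11 (UDP)
 *   62..69  UDP header
 *   70..    payload
 * The tests assert that packet_parse() returns a pointer exactly 70 bytes in,
 * i.e. that both encapsulation layers are walked before the payload is reported.
 */
unsigned char data1[] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58,
    0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94, 0xe8, 0x58, 0x00, 0x00, 0xff, 0x04,
    0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01,
    0x00, 0x00, 0xfe, 0x11, 0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f,
    0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
    0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};

/*
 * selected_chaining_uniq() tests.
 *
 * Each test fills a 3-slot selected_chaining by hand and checks which entries
 * survive de-duplication. The create() result is checked with ASSERT_TRUE
 * (fatal) because the very next statement dereferences it; with EXPECT_TRUE a
 * failed allocation would crash the test binary instead of failing the test.
 */

// All three entries differ: nothing is removed and the order is kept.
TEST(POLICY, SELECTED_CHAINING1)
{
    struct selected_chaining *chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
    ASSERT_TRUE(chainings != nullptr);

    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 3;

    selected_chaining_uniq(chainings);
    selected_chaining_dump(chainings);

    EXPECT_TRUE(chainings->chaining_used == 3);
    EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
    EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);
    EXPECT_TRUE(chainings->chaining[2].sf_profile_id == 3);

    selected_chaining_destory(chainings);
}

// All three entries are identical: a single entry remains.
TEST(POLICY, SELECTED_CHAINING2)
{
    struct selected_chaining *chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
    ASSERT_TRUE(chainings != nullptr);

    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;

    selected_chaining_uniq(chainings);
    selected_chaining_dump(chainings);

    EXPECT_TRUE(chainings->chaining_used == 1);
    EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);

    selected_chaining_destory(chainings);
}

// Two entries identical (1st and 2nd are the same).
TEST(POLICY, SELECTED_CHAINING3)
{
    struct selected_chaining *chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
    ASSERT_TRUE(chainings != nullptr);

    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;

    selected_chaining_uniq(chainings);
    selected_chaining_dump(chainings);

    EXPECT_TRUE(chainings->chaining_used == 2);
    EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
    EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);

    selected_chaining_destory(chainings);
}

// Two entries identical (1st and 3rd are the same): the duplicate need not be adjacent.
TEST(POLICY, SELECTED_CHAINING4)
{
    struct selected_chaining *chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
    ASSERT_TRUE(chainings != nullptr);

    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;

    selected_chaining_uniq(chainings);
    selected_chaining_dump(chainings);

    EXPECT_TRUE(chainings->chaining_used == 2);
    EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
    EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);

    selected_chaining_destory(chainings);
}

// Two entries identical (2nd and 3rd are the same): the first occurrence keeps its position.
TEST(POLICY, SELECTED_CHAINING5)
{
    struct selected_chaining *chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
    ASSERT_TRUE(chainings != nullptr);

    chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;

    selected_chaining_uniq(chainings);
    selected_chaining_dump(chainings);

    EXPECT_TRUE(chainings->chaining_used == 2);
    EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 2);
    EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 1);

    selected_chaining_destory(chainings);
}

// No data: uniq and dump must cope with an empty chaining.
TEST(POLICY, SELECTED_CHAINING6)
{
    struct selected_chaining *chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
    ASSERT_TRUE(chainings != nullptr);

    selected_chaining_uniq(chainings);
    selected_chaining_dump(chainings);

    EXPECT_TRUE(chainings->chaining_used == 0);

    selected_chaining_destory(chainings);
}

// Only one entry: it is left untouched.
TEST(POLICY, SELECTED_CHAINING7)
{
    struct selected_chaining *chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
    ASSERT_TRUE(chainings != nullptr);

    chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;

    selected_chaining_uniq(chainings);
    selected_chaining_dump(chainings);

    EXPECT_TRUE(chainings->chaining_used == 1);
    EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);

    selected_chaining_destory(chainings);
}

/*
 * policy_enforce_select_chainings() tests.
 *
 * Every test builds a session context on the stack, parses data1, loads the
 * enforcer from ./test_resource/sce.conf and asks it to select chainings for
 * one or two rule ids. The block comment in each test is the log output the
 * author recorded for that run.
 *
 * The context structs are value-initialised: only a handful of fields are set
 * explicitly, and the rest would otherwise be indeterminate stack contents
 * handed to the code under test (e.g. the chaining pointer the test does not
 * populate).
 *
 * NOTE(review): "bypass" presumably means the session skips the service
 * function (fail-open) and "block" means it is dropped (fail-closed) — confirm
 * against policy.h. The assertions below pin which sff profiles end up in
 * which of the two states, so a change to an expected sf_action is a change in
 * enforcement behaviour, not a cosmetic test update.
 *
 * NOTE(review): the recorded logs list up to ten sff decisions per rule while
 * the assertions expect three entries; presumably repeated decisions are
 * collapsed before the result is stored — confirm against the implementation.
 */

#if 1
// Raw traffic, rule 1: one sff profile, no usable sf, recorded action is bypass.
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
{
    struct global_metrics global_metrics = {};
    struct thread_ctx t_ctx = {};
    struct session_ctx s_ctx = {};
    t_ctx.ref_global_metrics = &global_metrics;
    s_ctx.ref_thread_ctx = &t_ctx;
    s_ctx.session_id = 1;
    s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";

    struct packet handler;
    const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
    EXPECT_TRUE(payload != nullptr);
    EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

    const char *profile = "./test_resource/sce.conf";
    struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
    ASSERT_TRUE(enforcer != nullptr); // fatal: used unconditionally below
    EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

    int direction = 1;
    s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    ASSERT_TRUE(s_ctx.chaining_raw != nullptr); // fatal: dereferenced by the assertions below
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);

    /*
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    */

    EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 1);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_raw);
    selected_chaining_bref(s_ctx.chaining_raw);
    selected_chaining_destory(s_ctx.chaining_raw);

    // NOTE(review): the pause presumably lets enforcer background work settle before teardown — confirm.
    printf("Before Sleep\n");
    sleep(1);
    printf("After Sleep\n");
    policy_enforcer_destory(enforcer);
}
#endif

#if 1
// Raw traffic, rule 2: several sff profiles; expects one bypass entry and two block entries.
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
{
    struct global_metrics global_metrics = {};
    struct thread_ctx t_ctx = {};
    struct session_ctx s_ctx = {};
    t_ctx.ref_global_metrics = &global_metrics;
    s_ctx.ref_thread_ctx = &t_ctx;
    s_ctx.session_id = 1;
    s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";

    struct packet handler;
    const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
    EXPECT_TRUE(payload != nullptr);
    EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

    const char *profile = "./test_resource/sce.conf";
    struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
    ASSERT_TRUE(enforcer != nullptr); // fatal: used unconditionally below
    EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

    int direction = 1;
    s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    ASSERT_TRUE(s_ctx.chaining_raw != nullptr); // fatal: dereferenced by the assertions below
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);

    /*
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    */

    EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 2);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_raw);
    selected_chaining_bref(s_ctx.chaining_raw);
    selected_chaining_destory(s_ctx.chaining_raw);

    // NOTE(review): the pause presumably lets enforcer background work settle before teardown — confirm.
    printf("Before Sleep\n");
    sleep(1);
    printf("After Sleep\n");
    policy_enforcer_destory(enforcer);
}
#endif

#if 1
// Raw traffic, rules 1 and 2 applied to the same session: results accumulate in one chaining.
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
{
    struct global_metrics global_metrics = {};
    struct thread_ctx t_ctx = {};
    struct session_ctx s_ctx = {};
    t_ctx.ref_global_metrics = &global_metrics;
    s_ctx.ref_thread_ctx = &t_ctx;
    s_ctx.session_id = 1;
    s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";

    struct packet handler;
    const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
    EXPECT_TRUE(payload != nullptr);
    EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

    const char *profile = "./test_resource/sce.conf";
    struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
    ASSERT_TRUE(enforcer != nullptr); // fatal: used unconditionally below
    EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

    int direction = 1;
    s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    ASSERT_TRUE(s_ctx.chaining_raw != nullptr); // fatal: dereferenced by the assertions below
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);

    /*
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    */

    EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_raw);
    selected_chaining_bref(s_ctx.chaining_raw);
    selected_chaining_destory(s_ctx.chaining_raw);

    // NOTE(review): the pause presumably lets enforcer background work settle before teardown — confirm.
    printf("Before Sleep\n");
    sleep(1);
    printf("After Sleep\n");
    policy_enforcer_destory(enforcer);
}
#endif

#if 1
// Decrypted traffic, rule 11: mirrors RAW_TRAFFIC1 but the result lands in chaining_decrypted.
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
{
    struct global_metrics global_metrics = {};
    struct thread_ctx t_ctx = {};
    struct session_ctx s_ctx = {};
    t_ctx.ref_global_metrics = &global_metrics;
    s_ctx.ref_thread_ctx = &t_ctx;
    s_ctx.session_id = 1;
    s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";

    struct packet handler;
    const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
    EXPECT_TRUE(payload != nullptr);
    EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

    const char *profile = "./test_resource/sce.conf";
    struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
    ASSERT_TRUE(enforcer != nullptr); // fatal: used unconditionally below
    EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

    int direction = 1;
    s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    ASSERT_TRUE(s_ctx.chaining_decrypted != nullptr); // fatal: dereferenced by the assertions below
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);

    /*
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    */

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 1);

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_decrypted);
    selected_chaining_bref(s_ctx.chaining_decrypted);
    selected_chaining_destory(s_ctx.chaining_decrypted);

    // NOTE(review): the pause presumably lets enforcer background work settle before teardown — confirm.
    printf("Before Sleep\n");
    sleep(1);
    printf("After Sleep\n");
    policy_enforcer_destory(enforcer);
}
#endif

#if 1
// Decrypted traffic, rule 12: mirrors RAW_TRAFFIC2 but the result lands in chaining_decrypted.
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
{
    struct global_metrics global_metrics = {};
    struct thread_ctx t_ctx = {};
    struct session_ctx s_ctx = {};
    t_ctx.ref_global_metrics = &global_metrics;
    s_ctx.ref_thread_ctx = &t_ctx;
    s_ctx.session_id = 1;
    s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";

    struct packet handler;
    const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
    EXPECT_TRUE(payload != nullptr);
    EXPECT_TRUE((char *)payload - (char *)&data1 == 70);

    const char *profile = "./test_resource/sce.conf";
    struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
    ASSERT_TRUE(enforcer != nullptr); // fatal: used unconditionally below
    EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

    int direction = 1;
    s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    ASSERT_TRUE(s_ctx.chaining_decrypted != nullptr); // fatal: dereferenced by the assertions below
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);

    /*
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
    POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
    */

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 12);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_decrypted);
    selected_chaining_bref(s_ctx.chaining_decrypted);
    selected_chaining_destory(s_ctx.chaining_decrypted);

    // NOTE(review): the pause presumably lets enforcer background work settle before teardown — confirm.
    printf("Before Sleep\n");
    sleep(1);
    printf("After Sleep\n");
    policy_enforcer_destory(enforcer);
}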
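#endif

#if 1
// Decrypted traffic hit by two rules (11 and 12) within one session.
//
// Both rule ids are fed to policy_enforce_select_chainings() and the result
// is read back from s_ctx.chaining_decrypted. The expected trace below lists
// a decision for sff_profile_id 1..10 under rule 12, but only the three
// nodes left in the final chain are asserted.
//
// NOTE(review): the asserted chain mixes "bypass" and "block" outcomes for
// service functions that could not be selected. Presumably bypass lets the
// session continue without that service function (fail-open) while block
// drops it (fail-closed) -- confirm against ./test_resource/sce.conf, since
// this test pins whichever behaviour the fixture configures.
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
{
    // Value-initialise the context structs: only a few fields are assigned
    // below, and the rest would otherwise be indeterminate stack contents
    // when handed to the enforcer (s_ctx.chaining_raw is never created here).
    struct global_metrics global_metrics = {};
    struct thread_ctx t_ctx = {};
    struct session_ctx s_ctx = {};

    t_ctx.ref_global_metrics = &global_metrics;
    s_ctx.ref_thread_ctx = &t_ctx;
    s_ctx.session_id = 1;
    s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";

    struct packet handler;
    const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
    // Fatal check: a failed parse leaves nothing meaningful to enforce on.
    ASSERT_TRUE(payload != nullptr);
    // The payload is expected to start 70 bytes into data1.
    EXPECT_TRUE(payload - reinterpret_cast<const char *>(data1) == 70);

    const char *profile = "./test_resource/sce.conf";
    struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
    // Fatal check: every call below dereferences or forwards the enforcer.
    ASSERT_TRUE(enforcer != nullptr);
    EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

    int direction = 1;
    s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    // Fatal check: the assertions below dereference the chain directly.
    ASSERT_TRUE(s_ctx.chaining_decrypted != nullptr);

    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);

    /*
     * Expected log output:
     *
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     */

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);

    // node[0]: rule 11, no service function selected, bypass.
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    // node[1]: rule 12, no service function selected, block.
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    // node[2]: rule 12, service function 1 selected by fail-action, block.
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_decrypted);
    selected_chaining_bref(s_ctx.chaining_decrypted);
    selected_chaining_destory(s_ctx.chaining_decrypted);

    // NOTE(review): presumably the pause gives background work started by
    // policy_enforcer_register() time to run before teardown -- confirm.
    printf("Before Sleep\n");
    sleep(1);
    printf("After Sleep\n");

    policy_enforcer_destory(enforcer);
}
#endif

#if 1
// Raw and decrypted traffic both hit by two rules within one session.
//
// Rule ids 1 and 2 are expected to land in s_ctx.chaining_raw and rule ids
// 11 and 12 in s_ctx.chaining_decrypted (see the expected trace below); the
// two chains are asserted independently and must not leak into each other.
//
// NOTE(review): as in the decrypted-only test, the asserted bypass outcomes
// presumably mean the session skips a service function that could not be
// selected -- confirm that this fail-open result is what sce.conf intends.
TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
{
    // Value-initialise the context structs: only a few fields are assigned
    // below, and the rest would otherwise be indeterminate stack contents
    // when handed to the enforcer.
    struct global_metrics global_metrics = {};
    struct thread_ctx t_ctx = {};
    struct session_ctx s_ctx = {};

    t_ctx.ref_global_metrics = &global_metrics;
    s_ctx.ref_thread_ctx = &t_ctx;
    s_ctx.session_id = 1;
    s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";

    struct packet handler;
    const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
    // Fatal check: a failed parse leaves nothing meaningful to enforce on.
    ASSERT_TRUE(payload != nullptr);
    // The payload is expected to start 70 bytes into data1.
    EXPECT_TRUE(payload - reinterpret_cast<const char *>(data1) == 70);

    const char *profile = "./test_resource/sce.conf";
    struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
    // Fatal check: every call below dereferences or forwards the enforcer.
    ASSERT_TRUE(enforcer != nullptr);
    EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);

    int direction = 1;
    s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
    // Fatal checks: the assertions below dereference both chains directly.
    ASSERT_TRUE(s_ctx.chaining_raw != nullptr);
    ASSERT_TRUE(s_ctx.chaining_decrypted != nullptr);

    // raw traffic multi hits
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);

    // decrypted traffic multi hits
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
    policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);

    /*
     * Expected log output:
     *
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     *
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
     *
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
     *   "node[0]":{"rule_id":1,"sff_profile_id":1,"sf_profile_id":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
     *   "node[1]":{"rule_id":2,"sff_profile_id":3,"sf_profile_id":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
     *   "node[2]":{"rule_id":2,"sff_profile_id":6,"sf_profile_id":1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
     * POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
     *   "node[0]":{"rule_id":11,"sff_profile_id":1,"sf_profile_id":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
     *   "node[1]":{"rule_id":12,"sff_profile_id":3,"sf_profile_id":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
     *   "node[2]":{"rule_id":12,"sff_profile_id":6,"sf_profile_id":1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
     */

    // raw traffic
    EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_raw);
    selected_chaining_bref(s_ctx.chaining_raw);
    selected_chaining_destory(s_ctx.chaining_raw);

    // decrypted traffic
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
    EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);

    selected_chaining_dump(s_ctx.chaining_decrypted);
    selected_chaining_bref(s_ctx.chaining_decrypted);
    selected_chaining_destory(s_ctx.chaining_decrypted);

    // NOTE(review): presumably the pause gives background work started by
    // policy_enforcer_register() time to run before teardown -- confirm.
    printf("Before Sleep\n");
    sleep(1);
    printf("After Sleep\n");

    policy_enforcer_destory(enforcer);
}
#endif

// Test binary entry point: hands the command line to googletest and returns
// its result, which is non-zero when any test failed.
int main(int argc, char **argv)
{
    ::testing::InitGoogleTest(&argc, argv);
    return RUN_ALL_TESTS();
}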