926 lines
51 KiB
C++
926 lines
51 KiB
C++
#include <gtest/gtest.h>
|
||
|
||
#include "sce.h"
|
||
#include "policy.h"
|
||
#include "packet.h"
|
||
#include "global_metrics.h"
|
||
|
||
unsigned char data1[] = {
|
||
0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58, 0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94,
|
||
0xe8, 0x58, 0x00, 0x00, 0xff, 0x04, 0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x11,
|
||
0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f, 0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10,
|
||
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
|
||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
|
||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
|
||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};
|
||
|
||
uuid_t rule_uuid1;
|
||
uuid_t rule_uuid2;
|
||
uuid_t rule_uuid11;
|
||
uuid_t rule_uuid12;
|
||
|
||
uuid_t sff_uuid1;
|
||
uuid_t sff_uuid2;
|
||
uuid_t sff_uuid3;
|
||
uuid_t sff_uuid4;
|
||
uuid_t sff_uuid5;
|
||
uuid_t sff_uuid6;
|
||
uuid_t sff_uuid7;
|
||
uuid_t sff_uuid8;
|
||
uuid_t sff_uuid9;
|
||
uuid_t sff_uuid10;
|
||
|
||
uuid_t sf_uuid1;
|
||
uuid_t sf_uuid2;
|
||
uuid_t sf_uuid3;
|
||
uuid_t sf_uuid4;
|
||
uuid_t sf_uuid5;
|
||
uuid_t sf_uuid6;
|
||
uuid_t sf_uuid7;
|
||
uuid_t sf_uuid8;
|
||
|
||
const char rule_uuid1_str[] = "00000000-0000-0000-1111-000000000001";
|
||
const char rule_uuid2_str[] = "00000000-0000-0000-1111-000000000002";
|
||
const char rule_uuid11_str[] = "00000000-0000-0000-1111-000000000011";
|
||
const char rule_uuid12_str[] = "00000000-0000-0000-1111-000000000012";
|
||
|
||
const char sff_uuid1_str[] = "00000000-0000-0000-2222-000000000001";
|
||
const char sff_uuid2_str[] = "00000000-0000-0000-2222-000000000002";
|
||
const char sff_uuid3_str[] = "00000000-0000-0000-2222-000000000003";
|
||
const char sff_uuid4_str[] = "00000000-0000-0000-2222-000000000004";
|
||
const char sff_uuid5_str[] = "00000000-0000-0000-2222-000000000005";
|
||
const char sff_uuid6_str[] = "00000000-0000-0000-2222-000000000006";
|
||
const char sff_uuid7_str[] = "00000000-0000-0000-2222-000000000007";
|
||
const char sff_uuid8_str[] = "00000000-0000-0000-2222-000000000008";
|
||
const char sff_uuid9_str[] = "00000000-0000-0000-2222-000000000009";
|
||
const char sff_uuid10_str[] = "00000000-0000-0000-2222-000000000010";
|
||
|
||
const char sf_uuid1_str[] = "00000000-0000-0000-3333-000000000001";
|
||
const char sf_uuid2_str[] = "00000000-0000-0000-3333-000000000002";
|
||
const char sf_uuid3_str[] = "00000000-0000-0000-3333-000000000003";
|
||
const char sf_uuid4_str[] = "00000000-0000-0000-3333-000000000004";
|
||
const char sf_uuid5_str[] = "00000000-0000-0000-3333-000000000005";
|
||
const char sf_uuid6_str[] = "00000000-0000-0000-3333-000000000006";
|
||
const char sf_uuid7_str[] = "00000000-0000-0000-3333-000000000007";
|
||
const char sf_uuid8_str[] = "00000000-0000-0000-3333-000000000008";
|
||
|
||
static void uuid_init()
|
||
{
|
||
uuid_parse(rule_uuid1_str, rule_uuid1);
|
||
uuid_parse(rule_uuid2_str, rule_uuid2);
|
||
uuid_parse(rule_uuid11_str, rule_uuid11);
|
||
uuid_parse(rule_uuid12_str, rule_uuid12);
|
||
|
||
uuid_parse(sff_uuid1_str, sff_uuid1);
|
||
uuid_parse(sff_uuid2_str, sff_uuid2);
|
||
uuid_parse(sff_uuid3_str, sff_uuid3);
|
||
uuid_parse(sff_uuid4_str, sff_uuid4);
|
||
uuid_parse(sff_uuid5_str, sff_uuid5);
|
||
uuid_parse(sff_uuid6_str, sff_uuid6);
|
||
uuid_parse(sff_uuid7_str, sff_uuid7);
|
||
uuid_parse(sff_uuid8_str, sff_uuid8);
|
||
uuid_parse(sff_uuid9_str, sff_uuid9);
|
||
uuid_parse(sff_uuid10_str, sff_uuid10);
|
||
|
||
uuid_parse(sf_uuid1_str, sf_uuid1);
|
||
uuid_parse(sf_uuid2_str, sf_uuid2);
|
||
uuid_parse(sf_uuid3_str, sf_uuid3);
|
||
uuid_parse(sf_uuid4_str, sf_uuid4);
|
||
uuid_parse(sf_uuid5_str, sf_uuid5);
|
||
uuid_parse(sf_uuid6_str, sf_uuid6);
|
||
uuid_parse(sf_uuid7_str, sf_uuid7);
|
||
uuid_parse(sf_uuid8_str, sf_uuid8);
|
||
}
|
||
|
||
#if 1
|
||
// 都不同
|
||
TEST(POLICY, SELECTED_CHAINING1)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid3);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 3);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[2].sf_uuid, sf_uuid3) == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
// 都相同
|
||
TEST(POLICY, SELECTED_CHAINING2)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 1);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
// 两个相同 (1,2相同)
|
||
TEST(POLICY, SELECTED_CHAINING3)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
// 两个相同 (1,3相同)
|
||
TEST(POLICY, SELECTED_CHAINING4)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
// 两个相同 (2,3相同)
|
||
TEST(POLICY, SELECTED_CHAINING5)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid2);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[1].sf_uuid, sf_uuid2) == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
// 没有数据
|
||
TEST(POLICY, SELECTED_CHAINING6)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
// 只有一个
|
||
TEST(POLICY, SELECTED_CHAINING7)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
uuid_copy(chainings->chaining[chainings->chaining_used++].sf_uuid, sf_uuid1);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 1);
|
||
EXPECT_TRUE(uuid_compare(chainings->chaining[0].sf_uuid, sf_uuid1) == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
uuid_array_init(&s_ctx.rule_uuid_array);
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid1, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 1);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
uuid_array_init(&s_ctx.rule_uuid_array);
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid2, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].rule_uuid, rule_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].sff_uuid, sff_uuid3) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[1].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].rule_uuid, rule_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sff_uuid, sff_uuid6) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
uuid_array_init(&s_ctx.rule_uuid_array);
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid1, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid2, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].rule_uuid, rule_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].sff_uuid, sff_uuid3) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[1].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].rule_uuid, rule_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sff_uuid, sff_uuid6) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
uuid_array_init(&s_ctx.rule_uuid_array);
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid11, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 1);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid11) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
uuid_array_init(&s_ctx.rule_uuid_array);
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid12, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid12) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].rule_uuid, rule_uuid12) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].sff_uuid, sff_uuid3) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[1].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].rule_uuid, rule_uuid12) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sff_uuid, sff_uuid6) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
uuid_array_init(&s_ctx.rule_uuid_array);
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid11, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid12, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid11) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].rule_uuid, rule_uuid12) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].sff_uuid, sff_uuid3) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[1].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].rule_uuid, rule_uuid12) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sff_uuid, sff_uuid6) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
uuid_array_init(&s_ctx.rule_uuid_array);
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
// raw traffic multi hits
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid1, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid2, direction);
|
||
// decrypted traffic multi hits
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid11, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, &rule_uuid12, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 1, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_uuid 2, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 11, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 1, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_uuid 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 2, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 3, sf_uuid -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 4, sf_uuid -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_uuid 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 5, sf_uuid -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 6, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 7, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 8, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 9, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_uuid 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_uuid 12, sff_uuid 10, sf_uuid 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
|
||
"node[0]":{"rule_uuid":1,"sff_uuid":1,"sf_uuid":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
|
||
"node[1]":{"rule_uuid":2,"sff_uuid":3,"sf_uuid":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
|
||
"node[2]":{"rule_uuid":2,"sff_uuid":6,"sf_uuid":1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
|
||
"node[0]":{"rule_uuid":11,"sff_uuid":1,"sf_uuid":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
|
||
"node[1]":{"rule_uuid":12,"sff_uuid":3,"sf_uuid":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
|
||
"node[2]":{"rule_uuid":12,"sff_uuid":6,"sf_uuid":1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
|
||
*/
|
||
|
||
// raw traffic
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].rule_uuid, rule_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].rule_uuid, rule_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[1].sff_uuid, sff_uuid3) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_raw->chaining[1].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].rule_uuid, rule_uuid2) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sff_uuid, sff_uuid6) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_raw->chaining[2].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
// decrypted traffic
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].rule_uuid, rule_uuid11) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[0].sff_uuid, sff_uuid1) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[0].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].rule_uuid, rule_uuid12) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[1].sff_uuid, sff_uuid3) == 0);
|
||
EXPECT_TRUE(uuid_is_null(s_ctx.chaining_decrypted->chaining[1].sf_uuid));
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].rule_uuid, rule_uuid12) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sff_uuid, sff_uuid6) == 0);
|
||
EXPECT_TRUE(uuid_compare(s_ctx.chaining_decrypted->chaining[2].sf_uuid, sf_uuid1) == 0);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
int main(int argc, char **argv)
|
||
{
|
||
uuid_init();
|
||
::testing::InitGoogleTest(&argc, argv);
|
||
return RUN_ALL_TESTS();
|
||
} |