826 lines
48 KiB
C++
826 lines
48 KiB
C++
#include <gtest/gtest.h>
|
||
|
||
#include "sce.h"
|
||
#include "policy.h"
|
||
#include "packet.h"
|
||
#include "global_metrics.h"
|
||
|
||
unsigned char data1[] = {
|
||
0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58, 0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94,
|
||
0xe8, 0x58, 0x00, 0x00, 0xff, 0x04, 0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x11,
|
||
0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f, 0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10,
|
||
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
|
||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
|
||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
|
||
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};
|
||
|
||
// 都不同
|
||
TEST(POLICY, SELECTED_CHAINING1)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 3;
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 3);
|
||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);
|
||
EXPECT_TRUE(chainings->chaining[2].sf_profile_id == 3);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
|
||
// 都相同
|
||
TEST(POLICY, SELECTED_CHAINING2)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 1);
|
||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
|
||
// 两个相同 (1,2相同)
|
||
TEST(POLICY, SELECTED_CHAINING3)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
|
||
// 两个相同 (1,3相同)
|
||
TEST(POLICY, SELECTED_CHAINING4)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 2);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
|
||
// 两个相同 (2,3相同)
|
||
TEST(POLICY, SELECTED_CHAINING5)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 2;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 2);
|
||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 2);
|
||
EXPECT_TRUE(chainings->chaining[1].sf_profile_id == 1);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
|
||
// 没有数据
|
||
TEST(POLICY, SELECTED_CHAINING6)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 0);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
|
||
// 只有一个
|
||
TEST(POLICY, SELECTED_CHAINING7)
|
||
{
|
||
struct selected_chaining *chainings = NULL;
|
||
|
||
chainings = selected_chaining_create(3, 1, (char *)"1.1.1.1 11 2.2.2.2 22");
|
||
EXPECT_TRUE(chainings != nullptr);
|
||
|
||
chainings->chaining[chainings->chaining_used++].sf_profile_id = 1;
|
||
|
||
selected_chaining_uniq(chainings);
|
||
selected_chaining_dump(chainings);
|
||
|
||
EXPECT_TRUE(chainings->chaining_used == 1);
|
||
EXPECT_TRUE(chainings->chaining[0].sf_profile_id == 1);
|
||
|
||
selected_chaining_destory(chainings);
|
||
}
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC1)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 1);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC2)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 2);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_RAW_TRAFFIC_MUTIL_HITS)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC1)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 1);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC2)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 12);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_DECRYPTED_TRAFFIC_MUTIL_HITS)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
*/
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
#if 1
|
||
TEST(POLICY, POLICY_ENFORCER_MIX_TRAFFIC_MUTIL_HITS)
|
||
{
|
||
struct global_metrics global_metrics;
|
||
struct thread_ctx t_ctx;
|
||
struct session_ctx s_ctx;
|
||
|
||
t_ctx.ref_global_metrics = &global_metrics;
|
||
s_ctx.ref_thread_ctx = &t_ctx;
|
||
s_ctx.session_id = 1;
|
||
s_ctx.session_addr = (char *)"1.1.1.1 11 2.2.2.2 22";
|
||
|
||
struct packet handler;
|
||
|
||
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
|
||
EXPECT_TRUE(payload != nullptr);
|
||
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
|
||
|
||
const char *profile = "./test_resource/sce.conf";
|
||
struct policy_enforcer *enforcer = policy_enforcer_create("SCE", profile, 8);
|
||
EXPECT_TRUE(enforcer != nullptr);
|
||
EXPECT_TRUE(policy_enforcer_register(enforcer) == 0);
|
||
|
||
int direction = 1;
|
||
s_ctx.chaining_raw = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
s_ctx.chaining_decrypted = selected_chaining_create(64, s_ctx.session_id, s_ctx.session_addr);
|
||
// raw traffic multi hits
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 1, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 2, direction);
|
||
// decrypted traffic multi hits
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 11, direction);
|
||
policy_enforce_select_chainings(enforcer, &s_ctx, &handler, 12, direction);
|
||
|
||
/*
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 1, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce raw chaining: rule_id 2, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 11, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 1, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 4 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 5 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 6 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 7 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by admin-status, sf_profile_id 8 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 2, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 3, sf_profile_id -1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 4, sf_profile_id -1, sf_action bypass, sf_action_desc bypass_due_health_sf_limit
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 1 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 2 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by localization, sf_profile_id 3 to be excluded
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 5, sf_profile_id -1, sf_action block, sf_action_desc block_due_unavailable_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 6, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 7, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 8, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 9, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 select sf by fail-action, sf_profile_id 1 to be selected
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 enforce decrypted chaining: rule_id 12, sff_profile_id 10, sf_profile_id 1, sf_action block, sf_action_desc block_due_failure_action
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
|
||
"node[0]":{"rule_id":1,"sff_profile_id":1,"sf_profile_id":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
|
||
"node[1]":{"rule_id":2,"sff_profile_id":3,"sf_profile_id":-1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
|
||
"node[2]":{"rule_id":2,"sff_profile_id":6,"sf_profile_id":1,"traffic_type":"raw","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
|
||
POLICY: session 1 1.1.1.1 11 2.2.2.2 22 selected_chaining_bref: chaining_size:64, chaining_used:3, {
|
||
"node[0]":{"rule_id":11,"sff_profile_id":1,"sf_profile_id":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"bypass","reason":"bypass_due_failure_action"},
|
||
"node[1]":{"rule_id":12,"sff_profile_id":3,"sf_profile_id":-1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"},
|
||
"node[2]":{"rule_id":12,"sff_profile_id":6,"sf_profile_id":1,"traffic_type":"decrypted","sff_forward_type":"steering","sf_action":"block","reason":"block_due_failure_action"}}
|
||
*/
|
||
|
||
// raw traffic
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].rule_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].rule_id == 2);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sff_profile_id == 3);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].rule_id == 2);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sff_profile_id == 6);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_raw->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_raw);
|
||
selected_chaining_bref(s_ctx.chaining_raw);
|
||
selected_chaining_destory(s_ctx.chaining_raw);
|
||
|
||
// decrypted traffic
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining_used == 3);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].rule_id == 11);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sff_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action == SESSION_ACTION_BYPASS);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[0].sf_action_desc == ACTION_BYPASS_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].rule_id == 12);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sff_profile_id == 3);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_profile_id == -1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[1].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].rule_id == 12);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sff_profile_id == 6);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_profile_id == 1);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action == SESSION_ACTION_BLOCK);
|
||
EXPECT_TRUE(s_ctx.chaining_decrypted->chaining[2].sf_action_desc == ACTION_BLOCK_DUE_FAILURE_ACTION);
|
||
|
||
selected_chaining_dump(s_ctx.chaining_decrypted);
|
||
selected_chaining_bref(s_ctx.chaining_decrypted);
|
||
selected_chaining_destory(s_ctx.chaining_decrypted);
|
||
|
||
printf("Before Sleep\n");
|
||
sleep(1);
|
||
printf("After Sleep\n");
|
||
|
||
policy_enforcer_destory(enforcer);
|
||
}
|
||
#endif
|
||
|
||
int main(int argc, char **argv)
|
||
{
|
||
::testing::InitGoogleTest(&argc, argv);
|
||
return RUN_ALL_TESTS();
|
||
} |