summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author刘学利 <[email protected]>2023-05-09 11:26:57 +0000
committer刘学利 <[email protected]>2023-05-09 11:26:57 +0000
commitc5e959492d627e5fcfe3cf5264b0e4e53e63f77a (patch)
tree166e04398bc0bae2168f643f785d690b5ff2a9b3
parent19eaee2c7825fdfc1b1b967496916942624e9d29 (diff)
TSG-14932: 控制报文中需增加service chaining和shaping的SID, 保证SID的顺序 , TFE -> service...
Diffstat
-rw-r--r--bin/main.conf1
-rw-r--r--bin/tsg_log_field.conf1
-rw-r--r--src/tsg_bridge.cpp72
-rw-r--r--src/tsg_bridge.h2
-rw-r--r--src/tsg_entry.cpp155
-rw-r--r--src/tsg_proxy.cpp34
-rw-r--r--src/tsg_proxy.h2
-rw-r--r--src/tsg_sync_state.h2
-rw-r--r--test/src/gtest_master.cpp240
-rw-r--r--test/src/gtest_sync_state.cpp4
10 files changed, 419 insertions, 94 deletions
diff --git a/bin/main.conf b/bin/main.conf
index 2f03a10..55fba42 100644
--- a/bin/main.conf
+++ b/bin/main.conf
@@ -52,6 +52,7 @@ DEVICE_SN_FILENAME="/opt/tsg/etc/tsg_sn.json"
DEVICE_ID_COMMAND="hostname | awk -F'-' '{print $3}'| awk -F'ADC' '{print $2}'"
SERVICE_CHAINING_SID=1004
SHAPING_SID=1005
+PROXY_SID=1006
[TRAFFIC_MIRROR]
TRAFFIC_MIRROR_ENABLE=1
diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf
index 5253d68..0712221 100644
--- a/bin/tsg_log_field.conf
+++ b/bin/tsg_log_field.conf
@@ -8,6 +8,7 @@ TOPIC INTERIM-SESSION-RECORD 4
TOPIC TRANSACTION-RECORD 5
TOPIC GTPC-RECORD 6
TOPIC BGP-RECORD 7
+TOPIC PROXY-EVENT 8
#TYPE FIELD VALUE
LONG common_policy_id 1
diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp
index 04c72ee..c2d2058 100644
--- a/src/tsg_bridge.cpp
+++ b/src/tsg_bridge.cpp
@@ -179,7 +179,7 @@ void *session_async_bridge_get_data(const struct streaminfo *a_stream, int bridg
return NULL;
}
-const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream)
+const struct session_runtime_attribute *session_runtime_attribute_new(const struct streaminfo *a_stream)
{
struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id);
if(srt_attribute==NULL)
@@ -199,6 +199,11 @@ const struct session_runtime_attribute *session_runtime_attribute_get(const stru
return (const struct session_runtime_attribute *)srt_attribute;
}
+const struct session_runtime_attribute *session_runtime_attribute_get(const struct streaminfo *a_stream)
+{
+ return (struct session_runtime_attribute *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ATTRIBUTE].id);
+}
+
int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream)
{
unsigned long long create_time=0;
@@ -218,7 +223,7 @@ int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream)
return 0;
}
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->establish_latency_ms=current_time-create_time;
@@ -230,7 +235,7 @@ int srt_attribute_set_establish_latecy(const struct streaminfo *a_stream)
int srt_attribute_set_protocol(const struct streaminfo *a_stream, TSG_PROTOCOL protocol)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->proto=protocol;
@@ -242,7 +247,7 @@ int srt_attribute_set_protocol(const struct streaminfo *a_stream, TSG_PROTOCOL p
int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->http_action_file_size=http_action_file_size;
@@ -254,7 +259,7 @@ int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_a
int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->ja3_fingerprint=ja3_fingerprint;
@@ -266,7 +271,7 @@ int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const cha
int srt_atttribute_set_umts_user_info(const struct streaminfo *a_stream, struct umts_user_info *user_info)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->user_info=user_info;
@@ -278,7 +283,7 @@ int srt_atttribute_set_umts_user_info(const struct streaminfo *a_stream, struct
int srt_atttribute_set_subscriber_id(const struct streaminfo *a_stream, struct subscribe_id_info *c_subscribe_id, struct subscribe_id_info *s_subscribe_id)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->client_subscribe_id=c_subscribe_id;
@@ -291,7 +296,7 @@ int srt_atttribute_set_subscriber_id(const struct streaminfo *a_stream, struct s
int srt_atttribute_set_ip_asn(const struct streaminfo *a_stream, struct asn_info *c_asn, struct asn_info *s_asn)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->client_asn=c_asn;
@@ -304,7 +309,7 @@ int srt_atttribute_set_ip_asn(const struct streaminfo *a_stream, struct asn_info
int srt_atttribute_set_ip_location(const struct streaminfo *a_stream, struct location_info *c_location, struct location_info *s_location)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->client_location=c_location;
@@ -317,7 +322,7 @@ int srt_atttribute_set_ip_location(const struct streaminfo *a_stream, struct loc
int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned int *category_ids, int n_category_ids)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
if(n_category_ids<=0 || n_category_ids>MAX_CATEGORY_ID_NUM)
@@ -335,7 +340,7 @@ int srt_attribute_set_category_ids(const struct streaminfo *a_stream, unsigned i
int srt_attribute_set_flags(const struct streaminfo *a_stream, unsigned long s_flags)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute)
{
srt_attribute->session_flags=s_flags;
@@ -431,7 +436,7 @@ int session_runtime_process_context_async(const struct streaminfo *a_stream, voi
return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id, data);
}
-const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream)
+const struct session_runtime_process_context *session_runtime_process_context_new(const struct streaminfo *a_stream)
{
struct session_runtime_process_context *srt_attribute=(struct session_runtime_process_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id);
if(srt_attribute==NULL)
@@ -451,6 +456,11 @@ const struct session_runtime_process_context *session_runtime_process_context_ge
return (const struct session_runtime_process_context *)srt_attribute;
}
+const struct session_runtime_process_context *session_runtime_process_context_get(const struct streaminfo *a_stream)
+{
+ return (struct session_runtime_process_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id);
+}
+
enum TSG_PROTOCOL srt_process_context_get_protocol(const struct session_runtime_process_context *srt_process_context)
{
if(srt_process_context!=NULL)
@@ -496,6 +506,26 @@ int session_runtime_action_context_async(const struct streaminfo *a_stream, void
return session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, data);
}
+const struct session_runtime_action_context *session_runtime_action_context_new(const struct streaminfo *a_stream)
+{
+ struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_PROCESS_CONTEXT].id);
+ if(srt_action_context==NULL)
+ {
+ srt_action_context=(struct session_runtime_action_context *)dictator_malloc(a_stream->threadnum, sizeof(struct session_runtime_action_context));
+ memset(srt_action_context, 0, sizeof(struct session_runtime_action_context));
+
+ int ret=session_async_bridge_set_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, (void *)srt_action_context);
+ if(ret<0)
+ {
+ session_runtime_attribute_free(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id, (void *)srt_action_context);
+ srt_action_context=NULL;
+ return NULL;
+ }
+ }
+
+ return (const struct session_runtime_action_context *)srt_action_context;
+}
+
const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream)
{
return (const struct session_runtime_action_context *)session_async_bridge_get_data(a_stream, g_tm_bridge_para[BRIDGE_TYPE_SESSION_ACTION_CONTEXT].id);
@@ -503,7 +533,7 @@ const struct session_runtime_action_context *session_runtime_action_context_get(
int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int after_n_packets, int thread_seq)
{
- struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
+ struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
if(srt_action_context==NULL)
{
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
@@ -518,7 +548,7 @@ int srt_action_context_set_after_n_packet(const struct streaminfo *a_stream, int
int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int hited_app_id, int thread_seq)
{
- struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
+ struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
if(srt_action_context==NULL)
{
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
@@ -533,7 +563,7 @@ int srt_action_context_set_hitted_app_id(const struct streaminfo *a_stream, int
int srt_action_context_set_l7_protocol(const struct streaminfo *a_stream, enum TSG_PROTOCOL protocol, int thread_seq)
{
- struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
+ struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
if(srt_action_context==NULL)
{
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
@@ -548,7 +578,7 @@ int srt_action_context_set_l7_protocol(const struct streaminfo *a_stream, enum T
int srt_action_context_set_rule_method(const struct streaminfo *a_stream, enum TSG_METHOD_TYPE method_type, int thread_seq)
{
- struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
+ struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
if(srt_action_context==NULL)
{
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
@@ -583,7 +613,7 @@ int srt_action_context_set_rule_method(const struct streaminfo *a_stream, enum T
int srt_action_context_set_leaky_bucket(const struct streaminfo *a_stream, struct leaky_bucket *bucket, int thread_seq)
{
- struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_get(a_stream);
+ struct session_runtime_action_context *srt_action_context=(struct session_runtime_action_context *)session_runtime_action_context_new(a_stream);
if(srt_action_context==NULL)
{
srt_action_context=(struct session_runtime_action_context *)dictator_malloc(thread_seq, sizeof(struct session_runtime_action_context));
@@ -783,14 +813,14 @@ void session_matched_rules_notify(const struct streaminfo *a_stream, TSG_SERVICE
bridge_idx=BRIDGE_TYPE_SECURITY_RESULT;
break;
case TSG_SERVICE_INTERCEPT:
- bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT;
- break;
+ //bridge_idx=BRIDGE_TYPE_INTERCEPT_RESULT;
+ return;
case TSG_SERVICE_CHAINING:
matched_service_chaining_rules_deal(a_stream, rules, n_rules, thread_seq);
- break;
+ return;
case TSG_SERVICE_SHAPING:
matched_shaping_rules_deal(a_stream, rules, n_rules, thread_seq);
- break;
+ return;
default:
return ;
}
diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h
index f690154..62a062e 100644
--- a/src/tsg_bridge.h
+++ b/src/tsg_bridge.h
@@ -163,6 +163,7 @@ int session_mirror_packets_sync(const struct streaminfo *a_stream, struct maat_r
void session_matched_rules_notify(const struct streaminfo * a_stream, TSG_SERVICE service, struct maat_rule *results, size_t n_results, int thread_seq);
// session runtime attribute
+const struct session_runtime_attribute *session_runtime_attribute_new(const struct streaminfo *a_stream);
int srt_attribute_set_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol);
int srt_attribute_set_flags(const struct streaminfo * a_stream, unsigned long s_flags);
int srt_attribute_set_establish_latecy(const struct streaminfo * a_stream);
@@ -175,6 +176,7 @@ void *session_gather_app_results_get(const struct streaminfo * a_stream);
// session runtime do action context
int session_runtime_action_context_async(const struct streaminfo *a_stream, void *data);
+const struct session_runtime_action_context *session_runtime_action_context_new(const struct streaminfo *a_stream);
const struct session_runtime_action_context *session_runtime_action_context_get(const struct streaminfo *a_stream);
int srt_action_context_set_leaky_bucket(const struct streaminfo * a_stream, struct leaky_bucket * bucket, int thread_seq);
int srt_action_context_set_l7_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol, int thread_seq);
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 31c57b1..1ebbeb6 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -739,6 +739,11 @@ int session_state_sync_in_opening_and_closing(const struct streaminfo *a_stream,
{
struct segment_id_list sid_list={0};
+ if(g_tsg_para.intercept_sid>0)
+ {
+ sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.intercept_sid;
+ }
+
if(g_tsg_para.service_chaining_sid>0)
{
sid_list.sid_list[sid_list.sz_sidlist++]=(unsigned short)g_tsg_para.service_chaining_sid;
@@ -801,6 +806,95 @@ int session_state_update_policy(struct update_policy *u_policy, struct maat_rule
return 0;
}
+enum policy_type session_state_get_policy_type(TSG_SERVICE service)
+{
+ enum policy_type p_type=POLICY_UPDATE_MAX;
+ switch(service)
+ {
+ case TSG_SERVICE_CHAINING:
+ if(g_tsg_para.service_chaining_sid==0)
+ {
+ break;
+ }
+ return POLICY_UPDATE_SERVICE_CHAINING;
+ case TSG_SERVICE_SHAPING:
+ if(g_tsg_para.shaping_sid==0)
+ {
+ break;
+ }
+ return POLICY_UPDATE_SHAPING;
+ case TSG_SERVICE_INTERCEPT:
+ if(g_tsg_para.intercept_sid==0)
+ {
+ break;
+ }
+ return POLICY_UPDATE_INTERCEPT;
+ default:
+ break;
+ }
+
+ return p_type;
+}
+
+unsigned short session_state_update_segment_sids(struct segment_id_list *segment_ids, enum policy_type p_type)
+{
+ unsigned short segment_id=0;
+ unsigned short tmp_sids[POLICY_UPDATE_MAX]={0};
+
+ switch(p_type)
+ {
+ case POLICY_UPDATE_SHAPING:
+ segment_id=g_tsg_para.shaping_sid;
+ break;
+ case POLICY_UPDATE_INTERCEPT:
+ segment_id=g_tsg_para.intercept_sid;
+ break;
+ case POLICY_UPDATE_SERVICE_CHAINING:
+ segment_id=g_tsg_para.service_chaining_sid;
+ break;
+ default:
+ return 0;
+ }
+
+ for(size_t i=0; i<segment_ids->sz_sidlist; i++)
+ {
+ if(segment_ids->sid_list[i]==segment_id || segment_id==0)
+ {
+ return segment_id;
+ }
+
+ if(segment_ids->sid_list[i]==g_tsg_para.intercept_sid)
+ {
+ tmp_sids[POLICY_UPDATE_INTERCEPT]=segment_ids->sid_list[i];
+ continue;
+ }
+
+ if(segment_ids->sid_list[i]==g_tsg_para.service_chaining_sid)
+ {
+ tmp_sids[POLICY_UPDATE_SERVICE_CHAINING]=segment_ids->sid_list[i];
+ continue;
+ }
+
+ if(segment_ids->sid_list[i]==g_tsg_para.shaping_sid)
+ {
+ tmp_sids[POLICY_UPDATE_SHAPING]=segment_ids->sid_list[i];
+ continue;
+ }
+ }
+
+ tmp_sids[p_type]=segment_id;
+ segment_ids->sz_sidlist=0;
+ for(int i=0; i<POLICY_UPDATE_MAX; i++)
+ {
+ if(tmp_sids[i]!=0)
+ {
+ segment_ids->sid_list[segment_ids->sz_sidlist++]=tmp_sids[i];
+ }
+ }
+
+ return segment_id;
+}
+
size_t matched_rules_increase_in_activing(const struct matched_policy_rules *matched_rules, struct maat_rule *new_rules, size_t n_new_rules, struct maat_rule *inc_rules, size_t n_inc_rules)
{
size_t n_inc_rules_offset=0;
@@ -828,33 +922,12 @@ size_t matched_rules_increase_in_activing(const struct matched_policy_rules *mat
int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SERVICE service, struct maat_rule *inc_rules, size_t n_inc_rules)
{
- unsigned short segment_id=0;
- enum policy_type p_type=POLICY_UPDATE_MAX;
- switch(service)
- {
- case TSG_SERVICE_CHAINING:
- p_type=POLICY_UPDATE_SERVICE_CHAINING;
- segment_id=(unsigned short)g_tsg_para.service_chaining_sid;
- break;
- case TSG_SERVICE_SHAPING:
- p_type=POLICY_UPDATE_SHAPING;
- segment_id=(unsigned short)g_tsg_para.shaping_sid;
- break;
- case TSG_SERVICE_INTERCEPT:
- p_type=POLICY_UPDATE_INTERCEPT;
- segment_id=(unsigned short)g_tsg_para.intercept_sid;
- break;
- default:
- return 0;
- }
-
- if(segment_id==0)
+ enum policy_type p_type=session_state_get_policy_type(service);
+ if(p_type>=POLICY_UPDATE_MAX)
{
return 0;
}
- MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "set_segment_id", "set in active status , service:%d, sid:%u,session addr:%s", service, segment_id, PRINTADDR(a_stream, g_tsg_para.level));
-
struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(a_stream);
if(segment_ids==NULL)
{
@@ -862,21 +935,15 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE
memset(segment_ids, 0, sizeof(struct segment_id_list));
}
- int add_sid=1;
- for(size_t i=0; i<segment_ids->sz_sidlist; i++)
+ unsigned short segment_id=session_state_update_segment_sids(segment_ids, p_type);
+ if(segment_id==0)
{
- if(segment_ids->sid_list[i]==segment_id)
- {
- add_sid=0;
- break;
- }
+ dictator_free(a_stream->threadnum, (void *)segment_ids);
+ return 0;
}
- if(add_sid==1)
- {
- segment_ids->sid_list[segment_ids->sz_sidlist++]=segment_id;
- }
-
+ MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_INFO, "set_segment_id", "set in active status , service:%d, sid:%u,session addr:%s", service, segment_id, PRINTADDR(a_stream, g_tsg_para.level));
+
struct segment_id_list sid_list;
sid_list.sz_sidlist=1;
sid_list.sid_list[0]=segment_id;
@@ -888,7 +955,7 @@ int session_set_segment_id_in_activing(const struct streaminfo *a_stream, TSG_SE
if(service==TSG_SERVICE_INTERCEPT)
{
memset(&policy_array[0].cmsg, 0, sizeof(struct proxy_cmsg));
- tsg_proxy_update_policy_fill(a_stream, &(policy_array[0]));
+ tsg_proxy_update_policy_fill(a_stream, &(policy_array[0]), segment_ids);
struct matched_policy_rules *s_chaining = (struct matched_policy_rules *)session_matched_rules_get(a_stream, TSG_SERVICE_CHAINING);
if(s_chaining!=NULL)
@@ -1336,7 +1403,7 @@ static int session_l7_protocol_idnetify(const struct streaminfo *a_stream, struc
static size_t tsg_scan_fqdn_category_id(const struct streaminfo *a_stream, struct maat *feather, char *domain, int table_idx, struct maat_state *s_mid, maat_rule *results, size_t n_result)
{
- struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_get(a_stream);
+ struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream);
if(srt_attribute!=NULL && domain!=NULL && table_idx>=0)
{
srt_attribute->n_fqdn_category_ids=tsg_get_fqdn_category_ids(g_tsg_maat_feather, domain, srt_attribute->fqdn_category_ids, MAX_CATEGORY_ID_NUM);
@@ -1530,13 +1597,6 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
{
matched_service_chaining_rules_deal(a_stream, s_chaining_rules, n_s_chaining_rules, a_stream->threadnum);
}
-
- struct maat_rule intercept_rules[MAX_RESULT_NUM]={0};
- size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT);
- if(n_intercept_rules>0)
- {
- matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
- }
struct maat_rule shaping_rules[MAX_RESULT_NUM]={0};
size_t n_shaping_rules=tsg_select_rules_by_service_id(rules, n_rules, shaping_rules, MAX_RESULT_NUM, TSG_SERVICE_SHAPING);
@@ -1545,6 +1605,13 @@ unsigned char session_matched_rules_deal(const struct streaminfo *a_stream, stru
matched_shaping_rules_deal(a_stream, shaping_rules, n_shaping_rules, a_stream->threadnum);
}
+ struct maat_rule intercept_rules[MAX_RESULT_NUM]={0};
+ size_t n_intercept_rules=tsg_select_rules_by_service_id(rules, n_rules, intercept_rules, MAX_RESULT_NUM, TSG_SERVICE_INTERCEPT);
+ if(n_intercept_rules>0)
+ {
+ matched_intercept_rules_deal(a_stream, intercept_rules, n_intercept_rules, a_stream->threadnum);
+ }
+
struct maat_rule security_rules[MAX_RESULT_NUM]={0};
size_t n_security_rules=tsg_select_rules_by_service_id(rules, n_rules, security_rules, MAX_RESULT_NUM, TSG_SERVICE_SECURITY);
if(n_security_rules>0)
diff --git a/src/tsg_proxy.cpp b/src/tsg_proxy.cpp
index 8e007fa..2601cda 100644
--- a/src/tsg_proxy.cpp
+++ b/src/tsg_proxy.cpp
@@ -6,6 +6,7 @@
#include "tsg_send_log.h"
#include "tsg_sync_state.h"
#include "tsg_proxy.h"
+#include "tsg_bridge.h"
#define DEFAULT_WINSCLE 0
#define DEFAULT_MSS 1460
@@ -20,6 +21,21 @@ enum tsg_proxy_ipv6hdr_parse_error{
TSG_PROXY_IPV6HDR_INVALID_TYPE = -3,
};
+int update_segment_sids(struct cmsg_int16_array *d_sids_array, unsigned short *s_sids, unsigned int n_s_sids)
+{
+ for(unsigned int i=0; i<n_s_sids; i++)
+ {
+ if(d_sids_array->num>=8)
+ {
+ break;
+ }
+
+ d_sids_array->value[d_sids_array->num++]=s_sids[i];
+ }
+
+ return 1;
+}
+
int tsg_proxy_ipv6_header_parse(const void *a_packet, struct pkt_info *pktinfo){
if(a_packet == NULL){
return TSG_PROXY_IPV6HDR_NULL_PACKET;
@@ -233,7 +249,7 @@ void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_in
static struct tsg_proxy_tcp_attribute *tsg_proxy_tcp_attribute_get(const struct streaminfo *stream)
{
- struct session_runtime_attribute *srt_attribute = (struct session_runtime_attribute *)session_runtime_attribute_get(stream);
+ struct session_runtime_attribute *srt_attribute = (struct session_runtime_attribute *)session_runtime_attribute_new(stream);
if (srt_attribute == NULL) {
MESA_handle_runtime_log(g_tsg_para.logger, RLOG_LV_FATAL, "PROXY", "Failed to get session runtime attribute, stream treaceid = %llu", tsg_get_stream_trace_id(stream));
return NULL;
@@ -497,7 +513,7 @@ static void tsg_proxy_tcp_attribute_dump(tsg_proxy_tcp_attribute *tcp_attr, stru
return;
}
-void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy)
+void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy, struct segment_id_list *segment_ids)
{
struct proxy_cmsg *cmsg = &policy->cmsg;
struct tsg_proxy_tcp_attribute *tcp_attr = tsg_proxy_tcp_attribute_get(stream);
@@ -524,10 +540,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
cmsg->tcp_seq_route_ctx.num = client->route_ctx_len;
memcpy(cmsg->tcp_seq_route_ctx.value, client->route_ctx, client->route_ctx_len);
- cmsg->tcp_seq_sids.num = client->sid_list.sz_sidlist;
- for (unsigned int i = 0; i < client->sid_list.sz_sidlist; i++) {
- cmsg->tcp_seq_sids.value[i] = client->sid_list.sid_list[i];
- }
+ update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid
+ update_segment_sids(&cmsg->tcp_seq_sids, client->sid_list.sid_list, client->sid_list.sz_sidlist);
cmsg->tcp_mss_server = server->mss;
cmsg->tcp_sack_server = server->sack;
@@ -538,10 +552,8 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
cmsg->tcp_ack_route_ctx.num = server->route_ctx_len;
memcpy(cmsg->tcp_ack_route_ctx.value, server->route_ctx, server->route_ctx_len);
- cmsg->tcp_ack_sids.num = server->sid_list.sz_sidlist;
- for (unsigned int i = 0; i < server->sid_list.sz_sidlist; i++) {
- cmsg->tcp_ack_sids.value[i] = server->sid_list.sid_list[i];
- }
+ update_segment_sids(&cmsg->tcp_seq_sids, segment_ids->sid_list+1, segment_ids->sz_sidlist-1); // delete intercept sid
+ update_segment_sids(&cmsg->tcp_ack_sids, server->sid_list.sid_list, server->sid_list.sz_sidlist);
if (client->wscale_set && server->wscale_set) {
cmsg->tcp_wsacle_exist = 1;
@@ -558,4 +570,4 @@ void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update
tsg_proxy_tcp_attribute_dump(tcp_attr, cmsg, stream);
return;
-} \ No newline at end of file
+}
diff --git a/src/tsg_proxy.h b/src/tsg_proxy.h
index 7ad87dc..9565879 100644
--- a/src/tsg_proxy.h
+++ b/src/tsg_proxy.h
@@ -50,4 +50,4 @@ void tsg_proxy_tcp_parse(struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_in
void tsg_proxy_first_data_process(const struct streaminfo *stream, struct tsg_proxy_tcp_attribute *tcp_attr, struct pkt_info *pktinfo);
void tsg_proxy_tcp_options_parse(const struct streaminfo *stream, const void *a_packet);
-void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy); \ No newline at end of file
+void tsg_proxy_update_policy_fill(const struct streaminfo *stream, struct update_policy *policy, struct segment_id_list *segment_ids); \ No newline at end of file
diff --git a/src/tsg_sync_state.h b/src/tsg_sync_state.h
index 801ebc1..ff9fe8f 100644
--- a/src/tsg_sync_state.h
+++ b/src/tsg_sync_state.h
@@ -5,7 +5,7 @@
enum policy_type
{
- POLICY_UPDATE_INTERCEPT = 0,
+ POLICY_UPDATE_INTERCEPT=0,
POLICY_UPDATE_SERVICE_CHAINING,
POLICY_UPDATE_SHAPING,
POLICY_UPDATE_MAX
diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp
index cf95413..76cc51a 100644
--- a/test/src/gtest_master.cpp
+++ b/test/src/gtest_master.cpp
@@ -10,7 +10,8 @@
extern int rd_kafka_get_sendlog_cnt(void);
extern const char *rd_kafka_get_sendlog_payload(int idx);
extern int matched_shaping_rules_deal(const struct streaminfo *a_stream, struct maat_rule *shaping_rules, size_t n_shaping_rules, int thread_seq);;
-extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);;
+extern int matched_service_chaining_rules_deal(const struct streaminfo *a_stream, struct maat_rule *service_chaining_rules, size_t n_service_chaining_rules, int thread_seq);
+extern int matched_intercept_rules_deal(const struct streaminfo * a_stream, struct maat_rule * intercept_rules, size_t n_intercept_rules, int thread_seq);
extern void session_segment_id_free(const struct streaminfo * a_stream, int bridge_id, void * data);
@@ -492,28 +493,37 @@ TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
extern int session_packet_capture_by_rules_notify(const struct streaminfo *a_stream, struct maat_rule *rules, size_t n_rules, int thread_seq);
-TEST(TSGMaster, SecurityPolicyIntercept)
+TEST(TSGMaster, InterceptPolicyNotify)
{
const struct streaminfo a_stream={0};
struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
matched_policy[1].action=TSG_ACTION_INTERCEPT;
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
+ matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
// Set Intercept
- session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[1], 1, 0);
+ matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
- const struct matched_policy_rules *hited_security=session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY);
- EXPECT_NE(nullptr, hited_security);
- EXPECT_EQ(1, hited_security->n_rules);
- EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].action);
- EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_security->rules[0].rule_id);
+ const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
+ EXPECT_NE(nullptr, hited_intercept);
+ EXPECT_EQ(1, hited_intercept->n_rules);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
+ EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
- session_matched_rules_free(&a_stream, TSG_SERVICE_SECURITY, (void *)hited_security);
- session_matched_rules_async(&a_stream, TSG_SERVICE_SECURITY, NULL);
- EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY));
-}
+ struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(1, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
+
+ session_segment_id_free(&a_stream, 0, (void *)segment_ids);
+ session_control_segment_ids_async(&a_stream, NULL);
+ session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
+}
TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
{
@@ -522,9 +532,11 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
matched_policy[0].action=TSG_ACTION_MONITOR;
matched_policy[0].rule_id=TSG_ACTION_MONITOR;
+ matched_policy[0].service_id=TSG_SERVICE_SECURITY;
matched_policy[1].action=TSG_ACTION_INTERCEPT;
matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
+ matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
// First Monitor, second Intercpt
session_matched_rules_notify(&a_stream, TSG_SERVICE_SECURITY, &matched_policy[0], 1, 0);
@@ -553,12 +565,13 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SECURITY));
// Set Intercept
- session_matched_rules_notify(&a_stream, TSG_SERVICE_INTERCEPT, &matched_policy[1], 1, 0);
+ matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1);
EXPECT_EQ(1, ret);
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, matched_policy[2].rule_id);
+ EXPECT_EQ(TSG_SERVICE_INTERCEPT, matched_policy[2].service_id);
ret=session_matched_rules_copy(&a_stream, TSG_SERVICE_INTERCEPT, &(matched_policy[2]), 1);
EXPECT_EQ(1, ret);
@@ -571,12 +584,19 @@ TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
+ struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(1, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
+
+ session_segment_id_free(&a_stream, 0, (void *)segment_ids);
+ session_control_segment_ids_async(&a_stream, NULL);
+
session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
}
-
TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify)
{
const struct streaminfo a_stream={0};
@@ -635,6 +655,198 @@ TEST(TSGMaster, ShapingAndServiceChainingPolicyNotify)
EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
}
+TEST(TSGMaster, InterceptPolicy)
+{
+ const struct streaminfo a_stream={0};
+ struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
+
+ matched_policy[1].action=TSG_ACTION_INTERCEPT;
+ matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
+ matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
+
+ // Set Intercept
+ matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
+ const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
+ EXPECT_NE(nullptr, hited_intercept);
+ EXPECT_EQ(1, hited_intercept->n_rules);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
+ EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
+
+ struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(1, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
+
+ session_segment_id_free(&a_stream, 0, (void *)segment_ids);
+ session_control_segment_ids_async(&a_stream, NULL);
+
+ session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
+}
+
+TEST(TSGMaster, InterceptAndNOInterceptPolicy)
+{
+ const struct streaminfo a_stream={0};
+ struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
+
+ matched_policy[0].action=TSG_ACTION_NO_INTERCEPT;
+ matched_policy[0].rule_id=TSG_ACTION_NO_INTERCEPT;
+ matched_policy[0].service_id=TSG_SERVICE_INTERCEPT;
+
+ matched_policy[1].action=TSG_ACTION_INTERCEPT;
+ matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
+ matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
+
+ // Set Intercept And NO Intercept
+ matched_intercept_rules_deal(&a_stream, matched_policy, 2, 0);
+ const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
+ EXPECT_NE(nullptr, hited_intercept);
+ EXPECT_EQ(1, hited_intercept->n_rules);
+ EXPECT_EQ(TSG_ACTION_NO_INTERCEPT, hited_intercept->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_NO_INTERCEPT, hited_intercept->rules[0].rule_id);
+ EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
+
+ struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(1, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
+
+ session_segment_id_free(&a_stream, 0, (void *)segment_ids);
+ session_control_segment_ids_async(&a_stream, NULL);
+
+ session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
+}
+
+TEST(TSGMaster, ServiceChainingAndInterceptPolicy)
+{
+ const struct streaminfo a_stream={0};
+ struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
+
+ matched_policy[0].action=TSG_ACTION_S_CHAINING;
+ matched_policy[0].rule_id=TSG_ACTION_S_CHAINING;
+
+ // Set Service chaining
+ matched_service_chaining_rules_deal(&a_stream, &matched_policy[0], 1, 0);
+ const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
+ EXPECT_NE(nullptr, hited_s_chaining);
+ EXPECT_EQ(1, hited_s_chaining->n_rules);
+ EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].rule_id);
+
+ struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(1, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
+
+ // Set Intercept
+ matched_policy[1].action=TSG_ACTION_INTERCEPT;
+ matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
+ matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
+
+ matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
+ const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
+ EXPECT_NE(nullptr, hited_intercept);
+ EXPECT_EQ(1, hited_intercept->n_rules);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
+ EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
+
+ segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(2, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
+ EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[1]);
+
+ session_segment_id_free(&a_stream, 0, (void *)segment_ids);
+ session_control_segment_ids_async(&a_stream, NULL);
+
+ session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
+
+ session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
+}
+
+TEST(TSGMaster, ServiceChainingAndShapingAndInterceptPolicy)
+{
+ const struct streaminfo a_stream={0};
+ struct maat_rule matched_policy[MAX_RESULT_NUM]={0};
+
+ // Set Shaping
+ matched_policy[0].action=TSG_ACTION_SHAPING;
+ matched_policy[0].rule_id=TSG_ACTION_SHAPING;
+
+ matched_shaping_rules_deal(&a_stream, &matched_policy[0], 1, 0);
+ const struct matched_policy_rules *hited_shaping=session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING);
+ EXPECT_NE(nullptr, hited_shaping);
+ EXPECT_EQ(1, hited_shaping->n_rules);
+ EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_SHAPING, hited_shaping->rules[0].rule_id);
+
+ struct segment_id_list *segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(1, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[0]);
+
+ // Set Service chaining
+ matched_policy[0].action=TSG_ACTION_S_CHAINING;
+ matched_policy[0].rule_id=TSG_ACTION_S_CHAINING;
+
+ matched_service_chaining_rules_deal(&a_stream, &matched_policy[0], 1, 0);
+ const struct matched_policy_rules *hited_s_chaining=session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING);
+ EXPECT_NE(nullptr, hited_s_chaining);
+ EXPECT_EQ(1, hited_s_chaining->n_rules);
+ EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_S_CHAINING, hited_s_chaining->rules[0].rule_id);
+
+ segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(2, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[0]);
+ EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[1]);
+
+ // Set Intercept
+ matched_policy[1].action=TSG_ACTION_INTERCEPT;
+ matched_policy[1].rule_id=TSG_ACTION_INTERCEPT;
+ matched_policy[1].service_id=TSG_SERVICE_INTERCEPT;
+
+ matched_intercept_rules_deal(&a_stream, &matched_policy[1], 1, 0);
+ const struct matched_policy_rules *hited_intercept=session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT);
+ EXPECT_NE(nullptr, hited_intercept);
+ EXPECT_EQ(1, hited_intercept->n_rules);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, hited_intercept->rules[0].rule_id);
+ EXPECT_EQ(TSG_SERVICE_INTERCEPT, hited_intercept->rules[0].service_id);
+
+ segment_ids=(struct segment_id_list *)session_control_segment_ids_get(&a_stream);
+ EXPECT_NE(nullptr, segment_ids);
+ EXPECT_EQ(3, segment_ids->sz_sidlist);
+ EXPECT_EQ(g_tsg_para.intercept_sid, segment_ids->sid_list[0]);
+ EXPECT_EQ(g_tsg_para.service_chaining_sid, segment_ids->sid_list[1]);
+ EXPECT_EQ(g_tsg_para.shaping_sid, segment_ids->sid_list[2]);
+
+ session_segment_id_free(&a_stream, 0, (void *)segment_ids);
+ session_control_segment_ids_async(&a_stream, NULL);
+
+ session_matched_rules_free(&a_stream, TSG_SERVICE_SHAPING, (void *)hited_shaping);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_SHAPING, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_SHAPING));
+
+ session_matched_rules_free(&a_stream, TSG_SERVICE_CHAINING, (void *)hited_s_chaining);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_CHAINING, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_CHAINING));
+
+ session_matched_rules_free(&a_stream, TSG_SERVICE_INTERCEPT, (void *)hited_intercept);
+ session_matched_rules_async(&a_stream, TSG_SERVICE_INTERCEPT, NULL);
+ EXPECT_EQ(nullptr, session_matched_rules_get(&a_stream, TSG_SERVICE_INTERCEPT));
+}
+
int main(int argc, char *argv[])
{
TSG_MASTER_INIT();
diff --git a/test/src/gtest_sync_state.cpp b/test/src/gtest_sync_state.cpp
index 5dd8629..14a6642 100644
--- a/test/src/gtest_sync_state.cpp
+++ b/test/src/gtest_sync_state.cpp
@@ -190,7 +190,7 @@ TEST(POLICY_UPDATE, Shaper)
TEST(SESSION_STATE, ActiveStateServiceChainingAndShaping0)
{
struct streaminfo a_stream = {0};
- struct update_policy policy_array[2];
+ struct update_policy policy_array[POLICY_UPDATE_MAX];
char test_str[256] = {0};
char ctrl_pkt_buf[1024];
int ctrl_pkt_len = 0;
@@ -482,4 +482,4 @@ int main(int argc, char *argv[])
int ret = RUN_ALL_TESTS();
MESA_destroy_runtime_log_handle(g_tsg_para.logger);
return ret;
-} \ No newline at end of file
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 16:51:03 +0000