+++ /dev/null
-/*
- * Network:
- * - server: 192.168.0.1
- * - user A: 192.168.0.2
- * - user B: 192.168.0.3
- *
- * External resources:
- * - host 1: 216.239.59.104
- * - host 2: 72.14.221.104
- * - host 3: 66.249.93.104
- * - host 4: 195.5.61.68
- *
- * Directions:
- * - Local: ALL 192.168.0.0/24
- * - DNS: TCP_UDP 195.5.61.68/32:53
- * - FTP: TCP 129.22.8.159/32:20-21
- * - World: ALL 0.0.0.0/0
- *
- */
-
-#include <cstdlib>
-#include <iostream>
-#include <string>
-#include <vector>
-#include <algorithm>
-
-#include <arpa/inet.h>
-
-#include "rules.h"
-#include "rules_finder.h"
-#include "logger.h"
-
-using namespace std;
-using namespace STG;
-
-STGLogger log;
-
-RULE MakeRule(const std::string & ip,
- const std::string & mask,
- uint16_t port1,
- uint16_t port2,
- int proto,
- int dir)
-{
- RULE rule;
-
- rule.ip = inet_addr(ip.c_str());
- rule.mask = inet_addr(mask.c_str());
- rule.port1 = port1;
- rule.port2 = port2;
- rule.proto = proto;
- rule.dir = dir;
-
- return rule;
-}
-
-RULES PrepareRules()
-{
- RULES rules;
- RULE local(MakeRule("192.168.0.0",
- "255.255.255.0",
- 0,
- 65535,
- -1,
- 0));
- RULE dns(MakeRule("195.5.61.68",
- "255.255.255.255",
- 53,
- 53,
- -1,
- 1));
- RULE ftp(MakeRule("129.22.8.159",
- "255.255.255.255",
- 20,
- 21,
- -1,
- 2));
- RULE world(MakeRule("0.0.0.0",
- "0.0.0.0",
- 0,
- 65535,
- -1,
- 3));
-
- rules.push_back(local);
-
- rules.push_back(dns);
-
- rules.push_back(ftp);
-
- rules.push_back(world);
-
- return rules;
-}
-
-PENDING_PACKET MakePacket(const std::string & from,
- const std::string & to,
- uint16_t sport,
- uint16_t dport,
- int proto,
- PENDING_PACKET::DIRECTION direction,
- int length)
-{
- iphdr hdr;
-
- hdr.ihl = 5;
- hdr.version = 4;
- hdr.tos = 0;
- hdr.tot_len = length;
- hdr.id = 0;
- hdr.frag_off = 50;
- hdr.ttl = 64;
- hdr.protocol = proto;
- hdr.check = 0;
- hdr.saddr = inet_addr(from.c_str());
- hdr.daddr = inet_addr(to.c_str());
-
- PENDING_PACKET packet(hdr, sport, dport);
-
- packet.direction = direction;
-
- return packet;
-}
-
-struct TEST_INFO {
- int wantedDir;
- int actualDir; // Parser error status
- bool stdException; // Parser throws an std execption
- bool otherException; // Parser throws another exception
- bool result;
-};
-
-struct RF_TESTER : public std::unary_function<std::pair<PENDING_PACKET, int>, void>
-{
-public:
- RF_TESTER(RULES_FINDER & r)
- : rf(r),
- testLog(),
- result(true)
- {
- };
- ~RF_TESTER()
- {
- PrintLog();
- if (result)
- exit(EXIT_SUCCESS);
- exit(EXIT_FAILURE);
- }
- void operator()(const std::pair<PENDING_PACKET, int> & entry)
- {
- TEST_INFO info;
- info.wantedDir = entry.second;
- info.actualDir = -1;
- info.stdException = false;
- info.otherException = false;
- info.result = true;
- try
- {
- info.actualDir = rf.GetDir(entry.first);
- }
- catch (std::exception & ex)
- {
- info.stdException = true;
- info.result = false;
- }
- catch (...)
- {
- info.otherException = true;
- info.result = false;
- }
- info.result &= (info.actualDir == info.wantedDir);
- result &= info.result;
- testLog.push_back(info);
- };
-
- void PrintLog()
- {
- int testNumber = 1;
- std::cout << "RF_TESTER results:\n";
- std::cout << "-----------------------------------------------------------------\n";
- std::vector<TEST_INFO>::const_iterator it;
- for (it = testLog.begin(); it != testLog.end(); ++it)
- {
- std::cout << "Test no.: " << testNumber++ << "\t"
- << "Correct dir: " << it->wantedDir << "\t"
- << "Actual dir:" << it->actualDir << "\t"
- << "STD exceptions: " << it->stdException << "\t"
- << "Other exceptions: " << it->otherException << "\t"
- << "Result: " << it->result << "\n";
- }
- std::cout << "-----------------------------------------------------------------\n";
- std::cout << "Final result: " << (result ? "passed" : "failed") << std::endl;
- }
-
- bool Result() const { return result; };
-private:
- RULES_FINDER & rf;
- std::vector<TEST_INFO> testLog;
- bool result;
-};
-
-int main()
-{
- RULES rules(PrepareRules());
- RULES_FINDER rf;
-
- rf.SetRules(rules);
-
- std::list<std::pair<PENDING_PACKET, int> > tests;
-
- // Local, SSH
- tests.push_back(make_pair(MakePacket("192.168.0.2", "192.168.0.1", 3214, 22, 6, PENDING_PACKET::OUTGOING, 0), 0));
- tests.push_back(make_pair(MakePacket("192.168.0.1", "192.168.0.2", 22, 3214, 6, PENDING_PACKET::OUTGOING, 0), 0));
- // Local, SSH, incorrect direction detection
- tests.push_back(make_pair(MakePacket("192.168.0.2", "192.168.0.1", 3214, 22, 6, PENDING_PACKET::INCOMING, 0), 0));
- tests.push_back(make_pair(MakePacket("192.168.0.1", "192.168.0.2", 22, 3214, 6, PENDING_PACKET::INCOMING, 0), 0));
- // Local, FTP
- tests.push_back(make_pair(MakePacket("192.168.0.2", "192.168.0.1", 3214, 20, 6, PENDING_PACKET::OUTGOING, 0), 0));
- tests.push_back(make_pair(MakePacket("192.168.0.1", "192.168.0.2", 21, 3214, 6, PENDING_PACKET::OUTGOING, 0), 0));
- // Local, DNS
- tests.push_back(make_pair(MakePacket("192.168.0.2", "192.168.0.1", 3214, 53, 6, PENDING_PACKET::OUTGOING, 0), 0));
- tests.push_back(make_pair(MakePacket("192.168.0.1", "192.168.0.2", 53, 3214, 6, PENDING_PACKET::OUTGOING, 0), 0));
- // Known DNS, DNS
- tests.push_back(make_pair(MakePacket("192.168.0.2", "195.5.61.68", 3210, 53, 6, PENDING_PACKET::OUTGOING, 0), 1));
- tests.push_back(make_pair(MakePacket("195.5.61.68", "192.168.0.2", 53, 3210, 6, PENDING_PACKET::INCOMING, 0), 1));
- // Known DNS, invalid ports
- tests.push_back(make_pair(MakePacket("192.168.0.2", "195.5.61.68", 3210, 54, 6, PENDING_PACKET::OUTGOING, 0), 3));
- tests.push_back(make_pair(MakePacket("195.5.61.68", "192.168.0.2", 20, 3210, 6, PENDING_PACKET::INCOMING, 0), 3));
- // Known FTP, FTP
- tests.push_back(make_pair(MakePacket("192.168.0.2", "129.22.8.159", 3241, 20, 6, PENDING_PACKET::OUTGOING, 0), 2));
- tests.push_back(make_pair(MakePacket("129.22.8.159", "192.168.0.2", 21, 3241, 6, PENDING_PACKET::INCOMING, 0), 2));
- // Known FTP, invalid ports
- tests.push_back(make_pair(MakePacket("192.168.0.2", "129.22.8.159", 3241, 53, 6, PENDING_PACKET::OUTGOING, 0), 3));
- tests.push_back(make_pair(MakePacket("129.22.8.159", "192.168.0.2", 22, 3241, 6, PENDING_PACKET::INCOMING, 0), 3));
-
- std::for_each(tests.begin(),
- tests.end(),
- RF_TESTER(rf));
-
- return EXIT_SUCCESS;
-}
git.stg.codes / stg.git / blobdiff