flow: fix deferred trust for trust followed by defer
authorRon Dempster (rdempste) <rdempste@cisco.com>
Wed, 3 Aug 2022 18:07:17 +0000 (14:07 -0400)
committerRon Dempster (rdempste) <rdempste@cisco.com>
Thu, 11 Aug 2022 15:07:12 +0000 (15:07 +0000)
src/flow/deferred_trust.cc
src/flow/test/deferred_trust_test.cc

index 1f6d52d86fe8937a508eded98ed330d9b85c12e6..d54bae708155256dbe44de2e5d50d973585e50cc 100644 (file)
@@ -63,7 +63,8 @@ void DeferredTrust::finalize(Active& active)
         clear();
     else if (TRUST_DEFER_DO_TRUST == deferred_trust && active.session_was_allowed())
         active.set_trust();
-    else if (TRUST_DEFER_ON == deferred_trust && active.session_was_trusted())
+    else if ((TRUST_DEFER_ON == deferred_trust || TRUST_DEFER_DEFERRING == deferred_trust)
+        && active.session_was_trusted())
     {
         // This is the case where defer was called after session trust while processing
         // the same packet
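Review bot: The comment under the widened condition still describes only the original `TRUST_DEFER_ON` case, while the branch now also runs for `TRUST_DEFER_DEFERRING`. Judging by the new test, that state is reached when `try_trust()` runs again after the defer was enabled on a session that was already trusted. If this branch misses a state, the session presumably stays trusted and skips the inspection the deferring module asked for, so the comment should name both states and the reason, e.g. `// Defer was requested after the session was already trusted (same packet); DEFERRING is included because try_trust() may already have run after the defer was set.` The branch body continues past the end of the hunk, so what it does with the trusted session cannot be checked from here.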
index dfe9da472170ac22aec80b509274ef2b676ad9cf..f92d54fb7ab2a2d9c166d779aff79089eed5d6bd 100644 (file)
@@ -132,6 +132,22 @@ TEST(deferred_trust_test, finalize)
     CHECK_TEXT(deferred_trust.is_deferred(), "Deferred trust should be deferring");
     CHECK_TEXT(!active.session_was_trusted(), "Session was trusted while deferring trust");
     CHECK_TEXT(active.session_was_allowed(), "Session was not allowed while deferring trust");
+
+    deferred_trust.clear();
+    // Trust flow
+    active.set_trust();
+    deferred_trust.try_trust();
+    // Enable
+    deferred_trust.set_deferred_trust(1, true);
+    deferred_trust.try_trust();
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+    CHECK_TEXT(deferred_trust.is_deferred(), "Deferred trust should be deferring");
+    // Session is trusted, defer should change action to allow and session should not be trusted
+    deferred_trust.finalize(active);
+    CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
+    CHECK_TEXT(deferred_trust.is_deferred(), "Deferred trust should be deferring");
+    CHECK_TEXT(!active.session_was_trusted(), "Session was trusted while deferring trust");
+    CHECK_TEXT(active.session_was_allowed(), "Session was not allowed while deferring trust");
 }